From 28314aef9e8a666dbb75bbd555f6566a6c991f1c Mon Sep 17 00:00:00 2001
From: Wonsik Kim <wonsik@google.com>
Date: Fri, 11 Sep 2015 06:51:10 +0000
Subject: Revert "Avoid size_t overflow in base64 decoding once again"

This reverts commit c9ac5dfdafed1c66beae090cafa97002764e0ca3.

Change-Id: Iae9707bbd8641a0bb00fcda39a20eb8b8f4f5232
---
 media/libstagefright/foundation/base64.cpp | 11 +++--------
 1 file changed, 3 insertions(+), 8 deletions(-)

(limited to 'media/libstagefright/foundation')

diff --git a/media/libstagefright/foundation/base64.cpp b/media/libstagefright/foundation/base64.cpp
index 7da7db9..dcf5bef 100644
--- a/media/libstagefright/foundation/base64.cpp
+++ b/media/libstagefright/foundation/base64.cpp
@@ -22,11 +22,11 @@
 namespace android {
 
 sp<ABuffer> decodeBase64(const AString &s) {
-    size_t n = s.size();
-    if ((n % 4) != 0) {
+    if ((s.size() % 4) != 0) {
         return NULL;
     }
 
+    size_t n = s.size();
     size_t padding = 0;
     if (n >= 1 && s.c_str()[n - 1] == '=') {
         padding = 1;
@@ -40,16 +40,11 @@ sp<ABuffer> decodeBase64(const AString &s) {
         }
     }
 
-    // We divide first to avoid overflow. It's OK to do this because we
-    // already made sure that n % 4 == 0.
-    size_t outLen = (n / 4) * 3 - padding;
+    size_t outLen = 3 * s.size() / 4 - padding;
 
     sp<ABuffer> buffer = new ABuffer(outLen);
 
     uint8_t *out = buffer->data();
-    if (out == NULL || buffer->size() < outLen) {
-        return NULL;
-    }
     size_t j = 0;
     uint32_t accum = 0;
     for (size_t i = 0; i < n; ++i) {
-- 
cgit v1.1