From 34205d1f5f98b01ece198f16ad55ff80ece31558 Mon Sep 17 00:00:00 2001
From: Yamit Mehta <ymehta@codeaurora.org>
Date: Sun, 12 Jul 2015 13:19:13 +0530
Subject: stagefright: handle zero size field in ID3v2 header

Specific clip contains corrupt ID3v2 header where size field is zero. This
corner case isn't handled properly and leads to crash.

Change-Id: Ic7e97b9de84b0cb3ce3716db95ab05f8f0db336f
CRs-Fixed: 815025
---
 media/libstagefright/id3/ID3.cpp | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

(limited to 'media/libstagefright/id3/ID3.cpp')

diff --git a/media/libstagefright/id3/ID3.cpp b/media/libstagefright/id3/ID3.cpp
index 00f87aa..d9a198d 100644
--- a/media/libstagefright/id3/ID3.cpp
+++ b/media/libstagefright/id3/ID3.cpp
@@ -486,8 +486,9 @@ void ID3::Iterator::getString(String8 *id, String8 *comment) const {
 void ID3::Iterator::getstring(String8 *id, bool otherdata) const {
     id->setTo("");
 
-    const uint8_t *frameData = mFrameData;
-    if (frameData == NULL) {
+    size_t size;
+    const uint8_t *frameData = getData(&size);
+    if ((size == 0) || (frameData == NULL)) {
         return;
     }
 
-- 
cgit v1.1