From c27fc358c91ed67965243294387dfb5ce7cd7fbf Mon Sep 17 00:00:00 2001
From: "Joshua J. Drake" <android-open-source@qoop.org>
Date: Thu, 9 Apr 2015 00:46:42 -0500
Subject: MPEG4Extractor: still more NULL dereference fixes

When processing various FourCC values within MP4 media, mLastTrack is accessed
without first ensuring that a track has been encoutered. Check for NULL and
bail out instead of crashing.

Bug: 20139950
Change-Id: Ie16687024d17348f576a0e13bd60bd4d6898de91
---
 media/libstagefright/MPEG4Extractor.cpp | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'media')

diff --git a/media/libstagefright/MPEG4Extractor.cpp b/media/libstagefright/MPEG4Extractor.cpp
index c7c238e..2d2e8fb 100755
--- a/media/libstagefright/MPEG4Extractor.cpp
+++ b/media/libstagefright/MPEG4Extractor.cpp
@@ -1980,6 +1980,9 @@ status_t MPEG4Extractor::parseChunk(off64_t *offset, int depth) {
                 return ERROR_IO;
             }
 
+            if (mLastTrack == NULL)
+                return ERROR_MALFORMED;
+
             uint32_t type = ntohl(buffer);
             // For the 3GPP file format, the handler-type within the 'hdlr' box
             // shall be 'text'. We also want to support 'sbtl' handler type
-- 
cgit v1.1