diff options
| author | Riaz Ur Rahaman <riazr@codeaurora.org> | 2010-09-17 12:33:28 +0530 |
|---|---|---|
| committer | Steve Kondik <shade@chemlab.org> | 2010-11-18 01:59:49 -0500 |
| commit | fd00237c3c5765f459c573b1626771b76b3e923e (patch) | |
| tree | 453d2403208820a970fdd898a6a4cfc3f7a96eb0 /media | |
| parent | ad23bf6b4c3781b1a57a8451828f5f10f8d49ce1 (diff) | |
| download | frameworks_base-fd00237c3c5765f459c573b1626771b76b3e923e.zip frameworks_base-fd00237c3c5765f459c573b1626771b76b3e923e.tar.gz frameworks_base-fd00237c3c5765f459c573b1626771b76b3e923e.tar.bz2 | |
libstagefright: Add check for zero chunk size.
mp4 file with chunksize of zero causes a infinite recursive call
of parsechunk of the parser resulting in ANR. Added check to handle
this case.
Change-Id: I468ef3371b4efb92d34fe38bbc99883641b4a7f5
Crs-Fixed:254974
Diffstat (limited to 'media')
| -rwxr-xr-x | media/libstagefright/MPEG4Extractor.cpp | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/media/libstagefright/MPEG4Extractor.cpp b/media/libstagefright/MPEG4Extractor.cpp index fceced8..9d9e309 100755 --- a/media/libstagefright/MPEG4Extractor.cpp +++ b/media/libstagefright/MPEG4Extractor.cpp @@ -425,6 +425,9 @@ status_t MPEG4Extractor::parseChunk(off_t *offset, int depth) { uint32_t chunk_type = ntohl(hdr[1]); off_t data_offset = *offset + 8; + if(chunk_size == 0) + return ERROR_MALFORMED; + if (chunk_size == 1) { if (mDataSource->readAt(*offset + 8, &chunk_size, 8) < 8) { return ERROR_IO; |