summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMarco Nelissen <marcone@google.com>2017-05-11 14:43:54 -0700
committerMSe <mse1969@posteo.de>2017-07-07 21:09:03 +0200
commite43e8adbc6a3b3f5c27a7e9090c5f3e55f1426a8 (patch)
tree633ca9eca973317b1a5c0d96d5b8c855437d15dd
parent6545e18d849aad7ffef12ad97aa886d218084bbc (diff)
downloadandroid_external_sonivox-replicant-6.0-0002.tar.gz
android_external_sonivox-replicant-6.0-0002.tar.bz2
android_external_sonivox-replicant-6.0-0002.zip
Check chunk sizereplicant-6.0-0002
to make sure we actually advance in the file Bug: 37093318 Test: decoded poc and other files with and without change AOSP-Change-Id: I94cf65336ce4132c17c39b651dc520264f02a704 (cherry picked from commit f01750adb0558d1885c7d5a5c8900d2187d0d38d) CVE-2017-0694 Change-Id: I3627f73dccfbb04dd744475c96e5532302b8196a
-rw-r--r--arm-wt-22k/lib_src/eas_mdls.c5
1 files changed, 5 insertions, 0 deletions
diff --git a/arm-wt-22k/lib_src/eas_mdls.c b/arm-wt-22k/lib_src/eas_mdls.c
index 6da1207..79dd01d 100644
--- a/arm-wt-22k/lib_src/eas_mdls.c
+++ b/arm-wt-22k/lib_src/eas_mdls.c
@@ -791,6 +791,11 @@ static EAS_RESULT NextChunk (SDLS_SYNTHESIZER_DATA *pDLSData, EAS_I32 *pPos, EAS
if ((result = EAS_HWGetDWord(pDLSData->hwInstData, pDLSData->fileHandle, pSize, EAS_FALSE)) != EAS_SUCCESS)
return result;
+ if (*pSize < 0) {
+ ALOGE("b/37093318");
+ return EAS_ERROR_FILE_FORMAT;
+ }
+
/* get form type for RIFF and LIST types */
if ((*pChunkType == CHUNK_RIFF) || (*pChunkType == CHUNK_LIST))
{