diff options
author | Marco Nelissen <marcone@google.com> | 2017-05-11 14:43:54 -0700 |
---|---|---|
committer | MSe <mse1969@posteo.de> | 2017-07-07 21:09:03 +0200 |
commit | e43e8adbc6a3b3f5c27a7e9090c5f3e55f1426a8 (patch) | |
tree | 633ca9eca973317b1a5c0d96d5b8c855437d15dd | |
parent | 6545e18d849aad7ffef12ad97aa886d218084bbc (diff) | |
download | android_external_sonivox-e43e8adbc6a3b3f5c27a7e9090c5f3e55f1426a8.tar.gz android_external_sonivox-e43e8adbc6a3b3f5c27a7e9090c5f3e55f1426a8.tar.bz2 android_external_sonivox-e43e8adbc6a3b3f5c27a7e9090c5f3e55f1426a8.zip |
Check chunk sizereplicant-6.0-0002
to make sure we actually advance in the file
Bug: 37093318
Test: decoded poc and other files with and without change
AOSP-Change-Id: I94cf65336ce4132c17c39b651dc520264f02a704
(cherry picked from commit f01750adb0558d1885c7d5a5c8900d2187d0d38d)
CVE-2017-0694
Change-Id: I3627f73dccfbb04dd744475c96e5532302b8196a
-rw-r--r-- | arm-wt-22k/lib_src/eas_mdls.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/arm-wt-22k/lib_src/eas_mdls.c b/arm-wt-22k/lib_src/eas_mdls.c index 6da1207..79dd01d 100644 --- a/arm-wt-22k/lib_src/eas_mdls.c +++ b/arm-wt-22k/lib_src/eas_mdls.c @@ -791,6 +791,11 @@ static EAS_RESULT NextChunk (SDLS_SYNTHESIZER_DATA *pDLSData, EAS_I32 *pPos, EAS if ((result = EAS_HWGetDWord(pDLSData->hwInstData, pDLSData->fileHandle, pSize, EAS_FALSE)) != EAS_SUCCESS) return result; + if (*pSize < 0) { + ALOGE("b/37093318"); + return EAS_ERROR_FILE_FORMAT; + } + /* get form type for RIFF and LIST types */ if ((*pChunkType == CHUNK_RIFF) || (*pChunkType == CHUNK_LIST)) { |