resolve merge conflicts of 89cdd4cb to mnc-devreplicant-6.0-0002 replicant-6.0-0001

CVE-2017-0478 Change-Id: Ie1421dc0fed3c3a20c5c146a253b27b8678a6207 (cherry picked from commit 7c824f17b3eea976ca58be7ea097cb807126f73b)
author: Chris Craik <ccraik@google.com> 2017-01-12 12:56:20 -0800
committer: Sean McCreary <mccreary@mcwest.org> 2017-03-22 12:43:38 -0600
commit: 676f7eef3f8988b541a0e2e74f8a2e2423aa87c9 (patch)
tree: 02187624009d3463b6a9e3529673ddcd2b2b6fde
parent: 06ecaa36d050866b2f0f29864b3e69b9970e9980 (diff)
download: android_frameworks_ex-676f7eef3f8988b541a0e2e74f8a2e2423aa87c9.tar.gz
android_frameworks_ex-676f7eef3f8988b541a0e2e74f8a2e2423aa87c9.tar.bz2
android_frameworks_ex-676f7eef3f8988b541a0e2e74f8a2e2423aa87c9.zip
1 files changed, 4 insertions, 0 deletions
diff --git a/framesequence/jni/FrameSequence_webp.cpp b/framesequence/jni/FrameSequence_webp.cpp
index 034847a..aa99b90 100644
--- a/framesequence/jni/FrameSequence_webp.cpp
+++ b/framesequence/jni/FrameSequence_webp.cpp
@@ -105,6 +105,10 @@ FrameSequence_webp::FrameSequence_webp(Stream* stream)
             return;
         }
         mData.size = CHUNK_HEADER_SIZE + readSize;
+        if(mData.size < RIFF_HEADER_SIZE) {
+            ALOGE("WebP file malformed");
+            return;
+        }
         mData.bytes = new uint8_t[mData.size];
         memcpy((void*)mData.bytes, riff_header, RIFF_HEADER_SIZE);
author	Chris Craik <ccraik@google.com>	2017-01-12 12:56:20 -0800
committer	Sean McCreary <mccreary@mcwest.org>	2017-03-22 12:43:38 -0600
commit	676f7eef3f8988b541a0e2e74f8a2e2423aa87c9 (patch)
tree	02187624009d3463b6a9e3529673ddcd2b2b6fde
parent	06ecaa36d050866b2f0f29864b3e69b9970e9980 (diff)
download	android_frameworks_ex-676f7eef3f8988b541a0e2e74f8a2e2423aa87c9.tar.gz android_frameworks_ex-676f7eef3f8988b541a0e2e74f8a2e2423aa87c9.tar.bz2 android_frameworks_ex-676f7eef3f8988b541a0e2e74f8a2e2423aa87c9.zip