diff options
Diffstat (limited to 'framesequence/jni')
-rw-r--r-- | framesequence/jni/FrameSequence_webp.cpp | 12 | ||||
-rw-r--r-- | framesequence/jni/FrameSequence_webp.h | 9 |
2 files changed, 19 insertions, 2 deletions
diff --git a/framesequence/jni/FrameSequence_webp.cpp b/framesequence/jni/FrameSequence_webp.cpp index c33a7e2..034847a 100644 --- a/framesequence/jni/FrameSequence_webp.cpp +++ b/framesequence/jni/FrameSequence_webp.cpp @@ -84,7 +84,10 @@ void FrameSequence_webp::constructDependencyChain() { #endif } -FrameSequence_webp::FrameSequence_webp(Stream* stream) { +FrameSequence_webp::FrameSequence_webp(Stream* stream) + : mDemux(NULL) + , mIsKeyFrame(NULL) + , mRawByteBuffer(NULL) { if (stream->getRawBuffer() != NULL) { mData.size = stream->getRawBufferSize(); mData.bytes = stream->getRawBufferAddr(); @@ -96,7 +99,12 @@ FrameSequence_webp::FrameSequence_webp(Stream* stream) { ALOGE("WebP header load failed"); return; } - mData.size = CHUNK_HEADER_SIZE + GetLE32(riff_header + TAG_SIZE); + uint32_t readSize = GetLE32(riff_header + TAG_SIZE); + if (readSize > MAX_CHUNK_PAYLOAD) { + ALOGE("WebP got header size too large"); + return; + } + mData.size = CHUNK_HEADER_SIZE + readSize; mData.bytes = new uint8_t[mData.size]; memcpy((void*)mData.bytes, riff_header, RIFF_HEADER_SIZE); diff --git a/framesequence/jni/FrameSequence_webp.h b/framesequence/jni/FrameSequence_webp.h index 94dcc3b..a29574c 100644 --- a/framesequence/jni/FrameSequence_webp.h +++ b/framesequence/jni/FrameSequence_webp.h @@ -32,10 +32,16 @@ public: virtual ~FrameSequence_webp(); virtual int getWidth() const { + if (!mDemux) { + return 0; + } return WebPDemuxGetI(mDemux, WEBP_FF_CANVAS_WIDTH); } virtual int getHeight() const { + if (!mDemux) { + return 0; + } return WebPDemuxGetI(mDemux, WEBP_FF_CANVAS_HEIGHT); } @@ -44,6 +50,9 @@ public: } virtual int getFrameCount() const { + if (!mDemux) { + return 0; + } return WebPDemuxGetI(mDemux, WEBP_FF_FRAME_COUNT); } |