authorMarco Nelissen <marcone@google.com>2017-10-09 14:59:43 -0700
committerMSe <mse1969@posteo.de>2018-01-10 22:45:21 +0100
commit80de27ec697625eb965893bbeced75214b998bca (patch)
tree5004fd2615e5713bc6a9d967559a95db3e6a2d9e
parent9d0749abe3fdc6d79599b57fe3ecbe6fa1a3e990 (diff)
Fix edge case when applying id3 unsynchronization
Bug: 63100526 Test: opened poc, other files Change-Id: I0a51a2a11d0ea84ede0c075de650a7118f0e00c5 (cherry picked from commit 3e70296461c5f260988ab21854a6f43fdafea764) CVE-2017-13200
-rw-r--r--media/libstagefright/id3/ID3.cpp7
1 files changed, 6 insertions, 1 deletions
diff --git a/media/libstagefright/id3/ID3.cpp b/media/libstagefright/id3/ID3.cpp
index fee13eac66..ed52b12d88 100644
--- a/media/libstagefright/id3/ID3.cpp
+++ b/media/libstagefright/id3/ID3.cpp
@@ -392,7 +392,12 @@ bool ID3::removeUnsynchronizationV2_4(bool iTunesHack) {
--mSize;
--dataSize;
}
- mData[writeOffset++] = mData[readOffset++];
+ if (i + 1 < dataSize) {
+ // Only move data if there's actually something to move.
+ // This handles the special case of the data being only [0xff, 0x00]
+ // which should be converted to just 0xff if unsynchronization is on.
+ mData[writeOffset++] = mData[readOffset++];
+ }
}
// move the remaining data following this frame
if (readOffset <= oldSize) {
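Review bot: The comment on the new `if (i + 1 < dataSize)` guard describes only a frame whose data is exactly [0xff, 0x00], but the guard works because `dataSize` was decremented just above. It therefore appears to apply to any frame whose data ends in 0xff 0x00, where skipping the 0x00 leaves `readOffset` at the end of that frame's data and the copy would take a byte from whatever follows. I would state that invariant directly, for example `// dataSize may have shrunk above; skip the copy once readOffset has reached the end of this frame's data (e.g. data ending in [0xff, 0x00]).` The loop header and the condition that triggers `--mSize; --dataSize;` are outside the hunk, so it cannot be confirmed from here that `dataSize` is always at least 1 at that point. If it is unsigned and could be 0, the decrement would wrap and this guard would pass, so that is worth checking against the loop condition.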