am c310ea10: am cd492ad1: am 9d34bc31: Fix uninitialized read in gif extension reading

* commit 'c310ea102fcf14540742007361d8f51f05d6affe': Fix uninitialized read in gif extension reading
author: Chris Craik <ccraik@google.com> 2014-04-10 01:07:55 +0000
committer: Android Git Automerger <android-git-automerger@android.com> 2014-04-10 01:07:55 +0000
commit: ed900eafd6d38cddd01e31eb282165208e8c9171 (patch)
tree: e62eb1438d828c5a838e437957d348fa7b1380ac /framesequence
parent: 4fbb1a29d3ca05199561acb9036a8e9c1aed72c0 (diff)
parent: c310ea102fcf14540742007361d8f51f05d6affe (diff)
download: android_frameworks_ex-ed900eafd6d38cddd01e31eb282165208e8c9171.tar.gz
android_frameworks_ex-ed900eafd6d38cddd01e31eb282165208e8c9171.tar.bz2
android_frameworks_ex-ed900eafd6d38cddd01e31eb282165208e8c9171.zip
2 files changed, 7 insertions, 8 deletions
diff --git a/framesequence/jni/FrameSequenceJNI.cpp b/framesequence/jni/FrameSequenceJNI.cpp
index efeed7e..08a73bc 100644
--- a/framesequence/jni/FrameSequenceJNI.cpp
+++ b/framesequence/jni/FrameSequenceJNI.cpp
@@ -53,8 +53,7 @@ static jobject nativeDecodeByteArray(JNIEnv* env, jobject clazz,
                 "couldn't read array bytes");
         return NULL;
     }
-    bytes += offset;
-    MemoryStream stream(bytes, length);
+    MemoryStream stream(bytes + offset, length);
     FrameSequence* frameSequence = FrameSequence::create(&stream);
     env->ReleasePrimitiveArrayCritical(byteArray, bytes, 0);
     return createJavaFrameSequence(env, frameSequence);
diff --git a/framesequence/jni/FrameSequence_gif.cpp b/framesequence/jni/FrameSequence_gif.cpp
index 2402439..daa097b 100644
--- a/framesequence/jni/FrameSequence_gif.cpp
+++ b/framesequence/jni/FrameSequence_gif.cpp
@@ -81,14 +81,14 @@ FrameSequence_gif::FrameSequence_gif(Stream* stream) :
         for (int j = 0; (j + 1) < image.ExtensionBlockCount; j++) {
             ExtensionBlock* eb1 = image.ExtensionBlocks + j;
             ExtensionBlock* eb2 = image.ExtensionBlocks + j + 1;
-            if (eb1->Function == APPLICATION_EXT_FUNC_CODE &&
+            if (eb1->Function == APPLICATION_EXT_FUNC_CODE
                     // look for "NETSCAPE2.0" app extension
-                    eb1->ByteCount == 11 &&
-                    !strcmp((const char*)(eb1->Bytes), "NETSCAPE2.0") &&
+                    && eb1->ByteCount == 11
+                    && !memcmp((const char*)(eb1->Bytes), "NETSCAPE2.0", 11)
                     // verify extension contents and get loop count
-                    eb2->Function == CONTINUE_EXT_FUNC_CODE &&
-                    eb2->ByteCount == 3 &&
-                    eb2->Bytes[0] == 1) {
+                    && eb2->Function == CONTINUE_EXT_FUNC_CODE
+                    && eb2->ByteCount == 3
+                    && eb2->Bytes[0] == 1) {
                 mLoopCount = (int)(eb2->Bytes[2] & 0xff) + (int)(eb2->Bytes[1] & 0xff);
             }
         }
author	Chris Craik <ccraik@google.com>	2014-04-10 01:07:55 +0000
committer	Android Git Automerger <android-git-automerger@android.com>	2014-04-10 01:07:55 +0000
commit	ed900eafd6d38cddd01e31eb282165208e8c9171 (patch)
tree	e62eb1438d828c5a838e437957d348fa7b1380ac /framesequence
parent	4fbb1a29d3ca05199561acb9036a8e9c1aed72c0 (diff)
parent	c310ea102fcf14540742007361d8f51f05d6affe (diff)
download	android_frameworks_ex-ed900eafd6d38cddd01e31eb282165208e8c9171.tar.gz android_frameworks_ex-ed900eafd6d38cddd01e31eb282165208e8c9171.tar.bz2 android_frameworks_ex-ed900eafd6d38cddd01e31eb282165208e8c9171.zip