summaryrefslogtreecommitdiffstats
path: root/framesequence/jni/FrameSequence_webp.cpp
diff options
context:
space:
mode:
Diffstat (limited to 'framesequence/jni/FrameSequence_webp.cpp')
-rw-r--r--framesequence/jni/FrameSequence_webp.cpp12
1 files changed, 10 insertions, 2 deletions
diff --git a/framesequence/jni/FrameSequence_webp.cpp b/framesequence/jni/FrameSequence_webp.cpp
index c33a7e2..034847a 100644
--- a/framesequence/jni/FrameSequence_webp.cpp
+++ b/framesequence/jni/FrameSequence_webp.cpp
@@ -84,7 +84,10 @@ void FrameSequence_webp::constructDependencyChain() {
#endif
}
-FrameSequence_webp::FrameSequence_webp(Stream* stream) {
+FrameSequence_webp::FrameSequence_webp(Stream* stream)
+ : mDemux(NULL)
+ , mIsKeyFrame(NULL)
+ , mRawByteBuffer(NULL) {
if (stream->getRawBuffer() != NULL) {
mData.size = stream->getRawBufferSize();
mData.bytes = stream->getRawBufferAddr();
@@ -96,7 +99,12 @@ FrameSequence_webp::FrameSequence_webp(Stream* stream) {
ALOGE("WebP header load failed");
return;
}
- mData.size = CHUNK_HEADER_SIZE + GetLE32(riff_header + TAG_SIZE);
+ uint32_t readSize = GetLE32(riff_header + TAG_SIZE);
+ if (readSize > MAX_CHUNK_PAYLOAD) {
+ ALOGE("WebP got header size too large");
+ return;
+ }
+ mData.size = CHUNK_HEADER_SIZE + readSize;
mData.bytes = new uint8_t[mData.size];
memcpy((void*)mData.bytes, riff_header, RIFF_HEADER_SIZE);
generated by cgit v1.2.3 (git 2.25.1) at 2024-04-19 04:06:47 +0000