diff options
author | TreeHugger Robot <treehugger-gerrit@google.com> | 2020-03-20 17:53:05 +0000 |
---|---|---|
committer | Android (Google) Code Review <android-gerrit@google.com> | 2020-03-20 17:53:05 +0000 |
commit | 40e794335b92f2f5237bcfddab454758cc4ad246 (patch) | |
tree | 5d6cc4114981ff98457f049397c0ef34a414a31f | |
parent | 6c6ea89e914bb60023638cd12fd111b18df9c930 (diff) | |
parent | 6b3b2f26fbbcf5ef5b41e00fc9c6bd4a164aa260 (diff) | |
download | frameworks_av-40e794335b92f2f5237bcfddab454758cc4ad246.tar.gz frameworks_av-40e794335b92f2f5237bcfddab454758cc4ad246.tar.bz2 frameworks_av-40e794335b92f2f5237bcfddab454758cc4ad246.zip |
Merge "OpusHeader: Fix integer overflow in GetOpusHeaderBuffers" into qt-qpr1-dev
-rw-r--r-- | media/libstagefright/foundation/OpusHeader.cpp | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/media/libstagefright/foundation/OpusHeader.cpp b/media/libstagefright/foundation/OpusHeader.cpp index 513e41f4a9..f5687e0d60 100644 --- a/media/libstagefright/foundation/OpusHeader.cpp +++ b/media/libstagefright/foundation/OpusHeader.cpp @@ -292,6 +292,10 @@ bool GetOpusHeaderBuffers(const uint8_t *data, size_t data_size, *opusHeadSize = data_size; return true; } else if (memcmp(AOPUS_CSD_MARKER_PREFIX, data, AOPUS_CSD_MARKER_PREFIX_SIZE) == 0) { + if (data_size < AOPUS_UNIFIED_CSD_MINSIZE || data_size > AOPUS_UNIFIED_CSD_MAXSIZE) { + ALOGD("Unexpected size for unified opus csd %zu", data_size); + return false; + } size_t i = 0; bool found = false; while (i <= data_size - AOPUS_MARKER_SIZE - AOPUS_LENGTH_SIZE) { |