diff options
author | Nick Kralevich <nnk@google.com> | 2015-08-07 11:19:24 -0700 |
---|---|---|
committer | Abhisek Devkota <ciwrl@cyanogenmod.com> | 2015-08-13 12:46:20 -0700 |
commit | 223d5c0822657233e48dc88bc7dbe10fedbd9ec3 (patch) | |
tree | 2e0e30d9a1fc0becb30a20d597db3bce383804b2 /media/libstagefright/MPEG4Extractor.cpp | |
parent | 0c0643ec7f1420c8a4aa696df1ad5b77a6adcb93 (diff) | |
download | frameworks_av-223d5c0822657233e48dc88bc7dbe10fedbd9ec3.tar.gz frameworks_av-223d5c0822657233e48dc88bc7dbe10fedbd9ec3.tar.bz2 frameworks_av-223d5c0822657233e48dc88bc7dbe10fedbd9ec3.zip |
MPEG4Extractor.cpp: handle chunk_size > SIZE_MAX
chunk_size is a uint64_t, so it can legitimately be bigger
than SIZE_MAX, which would cause the subtraction to underflow.
https://code.google.com/p/android/issues/detail?id=182251
CYNGNOS-446
Bug: 23034759
Change-Id: Ic1637fb26bf6edb0feb1bcf2876fd370db1ed547
Diffstat (limited to 'media/libstagefright/MPEG4Extractor.cpp')
-rw-r--r-- | media/libstagefright/MPEG4Extractor.cpp | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/media/libstagefright/MPEG4Extractor.cpp b/media/libstagefright/MPEG4Extractor.cpp index 6100dc26a4..8c3621588b 100644 --- a/media/libstagefright/MPEG4Extractor.cpp +++ b/media/libstagefright/MPEG4Extractor.cpp @@ -1825,7 +1825,7 @@ status_t MPEG4Extractor::parseChunk(off64_t *offset, int depth) { size = 0; } - if (SIZE_MAX - chunk_size <= size) { + if ((chunk_size > SIZE_MAX) || (SIZE_MAX - chunk_size <= size)) { return ERROR_MALFORMED; } |