From 66461a19dae20ad3df643166a39100ef58202bc3 Mon Sep 17 00:00:00 2001 From: Roger1 Jonsson Date: Wed, 26 Oct 2016 09:20:00 +0200 Subject: Avoid crash for stss sync sample number 0 A sample number value of 0 means that the value stored in the mSyncSamples array, would become negative (-1), when converted to index value. This causes a crash. Make sure that stss sample numbers are bigger than 0 before converting sample number to index value. Bug: 32423862 bug: 35645051 Test: Playback video that triggers stss sync sample number 0 Change-Id: I35bee7c718e01b086d7e05deda13b38083f509f5 (cherry picked from commit 024e783acdff65cdb8eb9de5ade3359ebb338a3b)
---
 media/libstagefright/SampleTable.cpp | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/media/libstagefright/SampleTable.cpp b/media/libstagefright/SampleTable.cpp
index 2d7e613e54..c07bedb5ab 100644
--- a/media/libstagefright/SampleTable.cpp
+++ b/media/libstagefright/SampleTable.cpp
@@ -562,6 +562,10 @@ status_t SampleTable::setSyncSampleParams(off64_t data_offset, size_t data_size)
 }
 for (size_t i = 0; i < numSyncSamples; ++i) {
+ if (mSyncSamples[i] == 0) {
+ ALOGE("b/32423862, unexpected zero value in stss");
+ continue;
+ }
 mSyncSamples[i] = ntohl(mSyncSamples[i]) - 1;
 }
--
cgit v1.2.3
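Review bot: The `continue` leaves the rejected entry in `mSyncSamples[i]` as 0, which is also the index that a valid sample number 1 converts to, so a malformed stss entry becomes indistinguishable from "the first sample is a sync sample". A zero in the middle of the table would also break ascending order, if the table is otherwise sorted. If the lookups that consume mSyncSamples (outside this hunk) assume valid, sorted indices, it would be safer to reject the box after the ALOGE, e.g. `return ERROR_MALFORMED;`, with the same cleanup of mSyncSamples that the earlier error paths perform. If tolerating such files is intended, record that at the check with a comment such as `// stss sample numbers are 1-based; a 0 entry is malformed and is deliberately kept as index 0`. setSyncSampleParams starts and ends outside the hunk, so the required cleanup is not visible here.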