diff options
| author | acolwell@chromium.org <acolwell@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2013-09-24 06:12:31 +0000 |
|---|---|---|
| committer | acolwell@chromium.org <acolwell@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2013-09-24 06:12:31 +0000 |
| commit | db257e523b80fe9a8568e8f20735f434c66b8d9e (patch) | |
| tree | fd0662d0d7dce38cd25ffe5c2b2dab896b01f45c /media/mp3 | |
| parent | 96a87f5663dc84f6bb09d482616e69d663067a25 (diff) | |
| download | chromium_src-db257e523b80fe9a8568e8f20735f434c66b8d9e.zip chromium_src-db257e523b80fe9a8568e8f20735f434c66b8d9e.tar.gz chromium_src-db257e523b80fe9a8568e8f20735f434c66b8d9e.tar.bz2 | |
Fix an OOB bug in MP3StreamParser.
BUG=280550
TEST=MP3StreamParserTest.UnalignedAppend512 w/ ASAN
Review URL: https://chromiumcodereview.appspot.com/23522069
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@224913 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'media/mp3')
| -rw-r--r-- | media/mp3/mp3_stream_parser.cc | 2 | ||||
| -rw-r--r-- | media/mp3/mp3_stream_parser_unittest.cc | 2 |
2 files changed, 3 insertions, 1 deletions
diff --git a/media/mp3/mp3_stream_parser.cc b/media/mp3/mp3_stream_parser.cc index 0688d99..f577708 100644 --- a/media/mp3/mp3_stream_parser.cc +++ b/media/mp3/mp3_stream_parser.cc @@ -164,7 +164,7 @@ bool MP3StreamParser::Parse(const uint8* buf, int size) { int data_size; queue_.Peek(&data, &data_size); - if (size < 4) + if (data_size < 4) break; uint32 start_code = data[0] << 24 | data[1] << 16 | data[2] << 8 | data[3]; diff --git a/media/mp3/mp3_stream_parser_unittest.cc b/media/mp3/mp3_stream_parser_unittest.cc index 9d30954..2e2b12e 100644 --- a/media/mp3/mp3_stream_parser_unittest.cc +++ b/media/mp3/mp3_stream_parser_unittest.cc @@ -165,6 +165,8 @@ TEST_F(MP3StreamParserTest, UnalignedAppend512) { "NewSegment" "{ 0K }" "{ 26K 52K 78K 104K }" + "EndOfSegment" + "NewSegment" "{ 130K 156K 182K }" "{ 208K 235K 261K 287K }" "{ 313K }" |