diff options
| author | Wei Jia <wjia@google.com> | 2015-08-16 17:41:50 -0700 |
|---|---|---|
| committer | Wolfgang Wiedmeyer <wolfgit@wiedmeyer.de> | 2015-10-19 02:40:08 +0200 |
| commit | 9343dc079d25d194738eabe5e1ca3166417c531f (patch) | |
| tree | 2a04a2f7f2079f2df00a634d2d5e8e6bf27a9177 | |
| parent | e33fadf02a9d08f71086bd4f1487c0571c828fa2 (diff) | |
| download | frameworks_av-9343dc079d25d194738eabe5e1ca3166417c531f.zip frameworks_av-9343dc079d25d194738eabe5e1ca3166417c531f.tar.gz frameworks_av-9343dc079d25d194738eabe5e1ca3166417c531f.tar.bz2 | |
libstagefright: check remaining data size before parsing it.
Bug: 23248776
Change-Id: I45cf53e58e4375afcf260b122264c968ec0ff6c8
(cherry picked from commit 3bf1e0fdf27e1188b8d3574ed073595b8eacb114)
Tested-by: Wolfgang Wiedmeyer <wolfgit@wiedmeyer.de>
| -rw-r--r-- | media/libstagefright/id3/ID3.cpp | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/media/libstagefright/id3/ID3.cpp b/media/libstagefright/id3/ID3.cpp index 93176c5..112f136 100644 --- a/media/libstagefright/id3/ID3.cpp +++ b/media/libstagefright/id3/ID3.cpp @@ -498,6 +498,9 @@ void ID3::Iterator::getstring(String8 *id, bool otherdata) const { return; } + if (mFrameSize < getHeaderLength() + 1) { + return; + } size_t n = mFrameSize - getHeaderLength() - 1; if (otherdata) { // skip past the encoding, language, and the 0 separator |