authorRobert Shih <robertshih@google.com>2015-07-16 15:04:12 -0700
committerWolfgang Wiedmeyer <wolfgit@wiedmeyer.de>2015-10-19 02:43:41 +0200
commitc941cf0ca5ee0a74f26846cae725088026f50303 (patch)
treed88af1d10ef8949148f89fdd90eff461277adcaa
parent9343dc079d25d194738eabe5e1ca3166417c531f (diff)
MatroskaExtractor: detect infinite loop when parsing NALs
Bug: 21335999 Change-Id: I76bd34610e52048ffcf16e41aa6175afc8a14ee4 (cherry picked from commit 2dcf6138ebc9c5688aeae151d2fbde55a2826128) Tested-by: Wolfgang Wiedmeyer <wolfgit@wiedmeyer.de>
-rw-r--r--media/libstagefright/matroska/MatroskaExtractor.cpp8
1 files changed, 7 insertions, 1 deletions
diff --git a/media/libstagefright/matroska/MatroskaExtractor.cpp b/media/libstagefright/matroska/MatroskaExtractor.cpp
index 8f7d12b..4897ee7 100644
--- a/media/libstagefright/matroska/MatroskaExtractor.cpp
+++ b/media/libstagefright/matroska/MatroskaExtractor.cpp
@@ -23,6 +23,7 @@
#include "mkvparser.hpp"
#include <media/stagefright/foundation/ADebug.h>
+#include <media/stagefright/foundation/AUtils.h>
#include <media/stagefright/foundation/hexdump.h>
#include <media/stagefright/DataSource.h>
#include <media/stagefright/MediaBuffer.h>
@@ -563,7 +564,12 @@ status_t MatroskaSource::read(
TRESPASS();
}
- if (srcOffset + mNALSizeLen + NALsize > srcSize) {
+ if (srcOffset + mNALSizeLen + NALsize <= srcOffset + mNALSizeLen) {
+ frame->release();
+ frame = NULL;
+
+ return ERROR_MALFORMED;
+ } else if (srcOffset + mNALSizeLen + NALsize > srcSize) {
break;
}
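Review bot: The added guard `if (srcOffset + mNALSizeLen + NALsize <= srcOffset + mNALSizeLen)` folds two cases into one wrapping comparison, a NALsize of zero and a sum that wraps past the maximum, and it is only well defined if the operands are unsigned; their declarations are outside the hunk, so that cannot be confirmed here. I would state the intent directly and avoid the wrapping sum, for example `if (NALsize == 0 || NALsize > SIZE_MAX - srcOffset - mNALSizeLen) {` (assuming size_t operands), with a comment such as `// NAL size of zero, or so large that the offset sum wraps: treat the block as malformed.` This path returns ERROR_MALFORMED while an over-long NAL in the `else if` branch only breaks out of the loop; if that difference is deliberate, a one-line comment should say why. The `AUtils.h` include added in the first hunk is not used by any line this commit adds, so it looks droppable unless a later change depends on it. The body of MatroskaSource::read starts and ends outside the hunk.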