diff options
| -rw-r--r-- | media/libstagefright/MPEG4Extractor.cpp | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/media/libstagefright/MPEG4Extractor.cpp b/media/libstagefright/MPEG4Extractor.cpp index 92135ea..0c6f74c 100644 --- a/media/libstagefright/MPEG4Extractor.cpp +++ b/media/libstagefright/MPEG4Extractor.cpp @@ -1529,7 +1529,11 @@ status_t MPEG4Extractor::parseChunk(off64_t *offset, int depth) { { if (mFileMetaData != NULL) { ALOGV("chunk_data_size = %lld and data_offset = %lld", - chunk_data_size, data_offset); + (long long)chunk_data_size, (long long)data_offset); + + if (chunk_data_size >= SIZE_MAX - 1) { + return ERROR_MALFORMED; + } uint8_t *buffer = new uint8_t[chunk_data_size + 1]; if (mDataSource->readAt( data_offset, buffer, chunk_data_size) != (ssize_t)chunk_data_size) { |