summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--media/libstagefright/MPEG4Extractor.cpp7
1 files changed, 7 insertions, 0 deletions
diff --git a/media/libstagefright/MPEG4Extractor.cpp b/media/libstagefright/MPEG4Extractor.cpp
index 0c6f74c..ae592c4 100644
--- a/media/libstagefright/MPEG4Extractor.cpp
+++ b/media/libstagefright/MPEG4Extractor.cpp
@@ -1502,7 +1502,14 @@ status_t MPEG4Extractor::parseChunk(off64_t *offset, int depth) {
size = 0;
}
+ if (SIZE_MAX - chunk_size <= size) {
+ return ERROR_MALFORMED;
+ }
+
uint8_t *buffer = new uint8_t[size + chunk_size];
+ if (buffer == NULL) {
+ return ERROR_MALFORMED;
+ }
if (size > 0) {
memcpy(buffer, data, size);
generated by cgit v1.1 at 2024-04-27 17:51:22 +0000