From 7bf55c9cb03af91c92071c07e4206936b04b397c Mon Sep 17 00:00:00 2001 From: Wei Jia Date: Wed, 12 Aug 2015 10:08:41 -0700 Subject: libstagefright: fix possible overflow in amrwbenc. Bug: 23142203 Change-Id: I309df51e4df6412655f04cc093d792bf6c7944f7 (cherry picked from commit 9dd01777aa14bbb90a6cdccf97383bb4e3d717a5) Tested-by: Wolfgang Wiedmeyer --- media/libstagefright/codecs/amrwbenc/src/util.c | 19 +++++++++++-------- 1 file changed, 11 insertions(+), 8 deletions(-) diff --git a/media/libstagefright/codecs/amrwbenc/src/util.c b/media/libstagefright/codecs/amrwbenc/src/util.c index 76ab1b1..333140d 100644 --- a/media/libstagefright/codecs/amrwbenc/src/util.c +++ b/media/libstagefright/codecs/amrwbenc/src/util.c @@ -35,9 +35,10 @@ void Set_zero( ) { Word32 num = (Word32)L; - do{ + while (num > 0) { *x++ = 0; - }while(--num !=0); + --num; + } } @@ -54,20 +55,22 @@ void Copy( ) { Word32 temp1,temp2,num; + if (L <= 0) { + return; + } if(L&1) { temp1 = *x++; *y++ = temp1; } num = (Word32)(L>>1); - temp1 = *x++; - temp2 = *x++; - do{ - *y++ = temp1; - *y++ = temp2; + while (num > 0) { temp1 = *x++; temp2 = *x++; - }while(--num!=0); + *y++ = temp1; + *y++ = temp2; + --num; + } } -- cgit v1.1