Bug 1154683: Fix potential size overflow. r=kentuckyfriedtakahe

Jean-Yves Avenard 2015-04-20 14:35:45 +10:00
parent 0394e1102c
commit 0e46a78213


@ -1843,6 +1843,10 @@ status_t MPEG4Extractor::parseChunk(off64_t *offset, int depth) {
size = 0;
}
// Make sure (size + chunk_size) isn't going to overflow.
if (size > (size_t)-1 - chunk_size) {
return ERROR_MALFORMED;
}
uint8_t *buffer = new uint8_t[size + chunk_size];
if (size > 0) {
@ -2689,6 +2693,11 @@ status_t MPEG4Source::parseChunk(off64_t *offset) {
return ERROR_MALFORMED;
}
if (chunk_size >= INT32_MAX - 128) {
// Could cause an overflow later. Abort.
return ERROR_MALFORMED;
}
char chunk[5];
MakeFourCCString(chunk_type, chunk);
ALOGV("MPEG4Source chunk %s @ %llx", chunk, *offset);
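Review bot: The guard added before `new uint8_t[size + chunk_size]` in MPEG4Extractor::parseChunk is only sound if `chunk_size` is no wider than `size_t`, and its declaration is outside the hunk. If it is a 64-bit value on a 32-bit build, `(size_t)-1 - chunk_size` is evaluated in 64 bits and wraps once `chunk_size` exceeds the size_t range, so the check passes and the array length may then be truncated. Bounding `chunk_size` first closes that case: `if (chunk_size > SIZE_MAX || size > SIZE_MAX - (size_t)chunk_size) return ERROR_MALFORMED;`. In the MPEG4Source::parseChunk hunk, the `INT32_MAX - 128` bound would benefit from a comment naming which later addition the 128 is meant to cover, since "an overflow later" does not let a reader verify the margin. Both function bodies extend beyond the hunks shown.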