Magic-Mirror/gecko-dev
1
0
Fork 0
mirror of https://github.com/mozilla/gecko-dev.git synced 2024-11-24 13:21:05 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Bug 1216748 - p4. Check other Metadata::setData uses - r=rillian

Browse Source 
Found only one other use that needed better checks: the size of the pssh
data was only checked after all items were added up; so it would be
possible to create a set of big items such that they create an overflow,
but the final sum looks reasonable.
Instead each item size should be checked, and the sum should also be
checked at each step.
This commit is contained in:
Gerald Squelart 2015-11-11 12:36:26 +01:00
parent 11139b4935
commit 305f63eb74
1 changed files with 4 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
media/libstagefright/frameworks/av/media/libstagefright/MPEG4Extractor.cpp
View File

@ -514,9 +514,10 @@ status_t MPEG4Extractor::readMetaData() {
uint64_t psshsize = 0;
for (size_t i = 0; i < mPssh.Length(); i++) {
psshsize += 20 + mPssh[i].datalen;
}
if (psshsize > kMAX_ALLOCATION) {
return ERROR_MALFORMED;
if (mPssh[i].datalen > kMAX_ALLOCATION - 20 ||
psshsize > kMAX_ALLOCATION) {
return ERROR_MALFORMED;
}
}
if (psshsize) {
char *buf = (char*)malloc(psshsize);