Gitiles
Code Review Sign In
review.blissroms.org / platform_frameworks_av / 9ad031163bab5066619e75de768106ee57b39dcf
commit9ad031163bab5066619e75de768106ee57b39dcf[log] [tgz]
authorJoshua J. Drake <android-open-source@qoop.org>Mon May 04 18:36:35 2015 -0500
committerJon Larimer <jlarimer@google.com>Fri Jul 31 15:05:23 2015 -0400
treec84b438eaa6a89c1adfb11cc868467af72a99e68
parentf6dda8df18979200a27ca462a9dfa38c11a0e80c [diff]
Prevent integer overflow when processing covr MPEG4 atoms

If the 'chunk_data_size' value is SIZE_MAX, an integer overflow will occur
and cause an undersized buffer to be allocated. The following processing
then overfills the resulting memory and creates a potentially exploitable
condition. Ensure that integer overflow does not occur.

Bug: 20923261
Change-Id: I75cce323aec04a612e5a230ecd7c2077ce06035f
1 file changed
tree: c84b438eaa6a89c1adfb11cc868467af72a99e68
  1. camera/
  2. cmds/
  3. drm/
  4. include/
  5. media/
  6. services/
  7. soundtrigger/
  8. tools/
  9. CleanSpec.mk
  10. MODULE_LICENSE_APACHE2
  11. NOTICE