05ddc499b9d50c90f552ed1333110f28a1406e7c - platform_frameworks_av

commit	05ddc499b9d50c90f552ed1333110f28a1406e7c	[log] [tgz]
author	Joshua J. Drake <android-open-source@qoop.org>	Mon May 04 18:36:35 2015 -0500
committer	Wei Jia <wjia@google.com>	Wed Jun 03 16:12:18 2015 -0700
tree	87c183e1a3a5d82202aa85fe81c6ad317f4d6da1
parent	0e27e080c255b23b4b0e19cb3bc9519cc162b73f [diff]

Prevent integer overflow when processing covr MPEG4 atoms

If the 'chunk_data_size' value is SIZE_MAX, an integer overflow will occur
and cause an undersized buffer to be allocated. The following processing
then overfills the resulting memory and creates a potentially exploitable
condition. Ensure that integer overflow does not occur.

Bug: 20923261
Change-Id: I75cce323aec04a612e5a230ecd7c2077ce06035f

media/libstagefright/MPEG4Extractor.cpp[diff]

1 file changed

tree: 87c183e1a3a5d82202aa85fe81c6ad317f4d6da1

camera/
cmds/
drm/
include/
libvideoeditor/
media/
services/
tools/
CleanSpec.mk
MODULE_LICENSE_APACHE2
NOTICE