Gitiles
Code Review Sign In
review.blissroms.org / platform_frameworks_av / 5759c46d849fc5ed7faa138637401ee10103a489
commit5759c46d849fc5ed7faa138637401ee10103a489[log] [tgz]
authorRay Essick <essick@google.com>Wed Nov 02 14:16:28 2016 -0700
committerRay Essick <essick@google.com>Wed Nov 09 18:20:14 2016 +0000
treec98eea17c96ce040e4ef0f4dfd401f0ccf2540f7
parentb6cf6d6a303c9a4a656191bf3f3d360c3a9bfe74 [diff]
DO NOT MERGE: defensive parsing of mp3 album art information

several points in stagefrights mp3 album art code
used strlen() to parse user-supplied strings that may be
unterminated, resulting in reading beyond the end of a buffer.

This changes the code to use strnlen() for 8-bit encodings and
strengthens the parsing of 16-bit encodings similarly. It also
reworks how we watch for the end-of-buffer to avoid all over-reads.

Bug: 32377688
Test: crafted mp3's w/ good/bad cover art. See what showed in play music
Change-Id: I479d51e88d3180461cb6ea5540974671cfd84201
(cherry picked from commit 52d02b97a4dc54cff9c4f058eeeab6753c2230a0)
1 file changed
tree: c98eea17c96ce040e4ef0f4dfd401f0ccf2540f7
  1. camera/
  2. cmds/
  3. drm/
  4. include/
  5. media/
  6. services/
  7. soundtrigger/
  8. tools/
  9. CleanSpec.mk
  10. MODULE_LICENSE_APACHE2
  11. NOTICE