1e51401794ff830c912c21123c321b83c17b491d - platform_frameworks_av

commit	1e51401794ff830c912c21123c321b83c17b491d	[log] [tgz]
author	Joshua J. Drake <android-open-source@qoop.org>	Mon May 04 18:36:35 2015 -0500
committer	Nick Kralevich <nnk@google.com>	Thu May 07 20:41:00 2015 -0700
tree	78b5ecab59db882c9ce558d5946579703a7732f8
parent	f9d108cec6710dd35baaa8573eb6d38161240b98 [diff]

Prevent integer overflow when processing covr MPEG4 atoms

If the 'chunk_data_size' value is SIZE_MAX, an integer overflow will occur
and cause an undersized buffer to be allocated. The following processing
then overfills the resulting memory and creates a potentially exploitable
condition. Ensure that integer overflow does not occur.

Bug: 20923261
Change-Id: I75cce323aec04a612e5a230ecd7c2077ce06035f

media/libstagefright/MPEG4Extractor.cpp[diff]

1 file changed

tree: 78b5ecab59db882c9ce558d5946579703a7732f8

camera/
cmds/
drm/
include/
media/
radio/
services/
soundtrigger/
tools/
CleanSpec.mk
MODULE_LICENSE_APACHE2
NOTICE