| commit | f1ce97ddc2f82d844a6fb8341585eb7b2e655f44 | [log] [tgz] |
|---|---|---|
| author | Joshua J. Drake <android-open-source@qoop.org> | Mon May 04 18:29:08 2015 -0500 |
| committer | Nick Kralevich <nnk@google.com> | Tue Aug 04 13:58:19 2015 -0700 |
| tree | 0fd7091aa0a69a3bdb5421b0d1bedff8478def7b | |
| parent | a81b3779cc6f6046c8a9149bf544e9d726c9b2b2 [diff] |
Fix integer overflow when handling MPEG4 tx3g atom When the sum of the 'size' and 'chunk_size' variables is larger than 2^32, an integer overflow occurs. Using the result value to allocate memory leads to an undersized buffer allocation and later a potentially exploitable heap corruption condition. Ensure that integer overflow does not occur. Bug: 20923261 (cherry picked from commit e5f0966c76bd0a7e81e4205c8d8b55e6b34c833e) Change-Id: I3f240f75fd681becbf89cb7e7554388471c28059