4a492bf2ac47b9844d2527e1fcdf0064c3d8d52e - platform_frameworks_av

commit	4a492bf2ac47b9844d2527e1fcdf0064c3d8d52e	[log] [tgz]
author	Joshua J. Drake <android-open-source@qoop.org>	Mon May 04 17:14:11 2015 -0500
committer	Lajos Molnar <lajos@google.com>	Wed Jun 03 15:24:49 2015 -0700
tree	a9dcf72a59dc7cf094b8ed1a88775b674473e5b4
parent	0e27e080c255b23b4b0e19cb3bc9519cc162b73f [diff]

Fix integer underflow in covr MPEG4 processing

When the 'chunk_data_size' variable is less than 'kSkipBytesOfDataBox', an
integer underflow can occur. This causes an extraordinarily large value to
be passed to MetaData::setData, leading to a buffer overflow.

Bug: 20923261
Change-Id: Icd28f63594ad941eabb3a12c750a4a2d5d2bf94b

media/libstagefright/MPEG4Extractor.cpp[diff]

1 file changed

tree: a9dcf72a59dc7cf094b8ed1a88775b674473e5b4

camera/
cmds/
drm/
include/
libvideoeditor/
media/
services/
tools/
CleanSpec.mk
MODULE_LICENSE_APACHE2
NOTICE