Gitiles
Code Review Sign In
review.blissroms.org / platform_frameworks_av / a81b3779cc6f6046c8a9149bf544e9d726c9b2b2
commita81b3779cc6f6046c8a9149bf544e9d726c9b2b2[log] [tgz]
authorJoshua J. Drake <android-open-source@qoop.org>Mon May 04 18:36:35 2015 -0500
committerNick Kralevich <nnk@google.com>Tue Aug 04 13:58:14 2015 -0700
tree271fbb625ce340259990cd50b7cd02e622f1aaf0
parent738a753a3ca7bf8f9f608ca941575626265294e4 [diff]
Prevent integer overflow when processing covr MPEG4 atoms

If the 'chunk_data_size' value is SIZE_MAX, an integer overflow will occur
and cause an undersized buffer to be allocated. The following processing
then overfills the resulting memory and creates a potentially exploitable
condition. Ensure that integer overflow does not occur.

(cherrypicked from commit 05ddc499b9d50c90f552ed1333110f28a1406e7c)

Bug: 20923261
Change-Id: If09a02738759acdff8d95149bb9cb5f18a0a123e
1 file changed
tree: 271fbb625ce340259990cd50b7cd02e622f1aaf0
  1. camera/
  2. cmds/
  3. drm/
  4. include/
  5. libvideoeditor/
  6. media/
  7. services/
  8. MODULE_LICENSE_APACHE2
  9. NOTICE