commit | 2674a7218eaa3c87f2ee26d26da5b9170e10f859 | [log] [tgz] |
---|---|---|
author | Joshua J. Drake <android-open-source@qoop.org> | Mon May 04 18:36:35 2015 -0500 |
committer | The Android Automerger <android-build@android.com> | Thu Jul 09 14:09:31 2015 -0700 |
tree | e64a835dfdcee3ecd19006764f578518fae4377b | |
parent | e846a5f367030f1c7916fb841953bdf82a763822 [diff] |
Prevent integer overflow when processing covr MPEG4 atoms If the 'chunk_data_size' value is SIZE_MAX, an integer overflow will occur and cause an undersized buffer to be allocated. The following processing then overfills the resulting memory and creates a potentially exploitable condition. Ensure that integer overflow does not occur. Bug: 20923261 Change-Id: I75cce323aec04a612e5a230ecd7c2077ce06035f