9ad031163bab5066619e75de768106ee57b39dcf - platform/frameworks/av

commit	9ad031163bab5066619e75de768106ee57b39dcf	[log] [tgz]
author	Joshua J. Drake <android-open-source@qoop.org>	Mon May 04 18:36:35 2015 -0500
committer	Jon Larimer <jlarimer@google.com>	Fri Jul 31 15:05:23 2015 -0400
tree	c84b438eaa6a89c1adfb11cc868467af72a99e68
parent	f6dda8df18979200a27ca462a9dfa38c11a0e80c [diff]

Prevent integer overflow when processing covr MPEG4 atoms

If the 'chunk_data_size' value is SIZE_MAX, an integer overflow will occur
and cause an undersized buffer to be allocated. The following processing
then overfills the resulting memory and creates a potentially exploitable
condition. Ensure that integer overflow does not occur.

Bug: 20923261
Change-Id: I75cce323aec04a612e5a230ecd7c2077ce06035f

media/libstagefright/MPEG4Extractor.cpp[diff]

1 file changed

tree: c84b438eaa6a89c1adfb11cc868467af72a99e68

camera/
cmds/
drm/
include/
media/
services/
soundtrigger/
tools/
CleanSpec.mk
MODULE_LICENSE_APACHE2
NOTICE