commit 3ce293842fed1b3abd2ff0aecd2a0c70a55086ee
author Wei Jia <wjia@google.com> Wed Aug 12 10:08:41 2015 -0700
committer Wei Jia <wjia@google.com> Thu Aug 13 16:49:35 2015 +0000
tree f593018b43c0bedfbb8c578b7b0d7fc8b9536121
parent f51115bd8e44c2779b74477277c6f6046916e7cf

libstagefright: fix possible overflow in amrwbenc.

Bug: 23142203
Change-Id: I309df51e4df6412655f04cc093d792bf6c7944f7
(cherry picked from commit 9dd01777aa14bbb90a6cdccf97383bb4e3d717a5)

media/libstagefright/codecs/amrwbenc/src/util.c

diff --git a/media/libstagefright/codecs/amrwbenc/src/util.c b/media/libstagefright/codecs/amrwbenc/src/util.c
index 76ab1b1..333140d 100644
--- a/media/libstagefright/codecs/amrwbenc/src/util.c
+++ b/media/libstagefright/codecs/amrwbenc/src/util.c
@@ -35,9 +35,10 @@
 	     )
 {
 	Word32 num = (Word32)L;
-	do{
+	while (num > 0) {
 		*x++ = 0;
-	}while(--num !=0);
+                --num;
+	}
 }
 
 
@@ -54,20 +55,22 @@
 	 )
 {
 	Word32	temp1,temp2,num;
+        if (L <= 0) {
+                return;
+        }
 	if(L&1)
 	{
 		temp1 = *x++;
 		*y++ = temp1;
 	}
 	num = (Word32)(L>>1);
-	temp1 = *x++;
-	temp2 = *x++;
-	do{
-		*y++ = temp1;
-		*y++ = temp2;
+	while (num > 0) {
 		temp1 = *x++;
 		temp2 = *x++;
-	}while(--num!=0);
+		*y++ = temp1;
+		*y++ = temp2;
+                --num;
+	}
 }