commit | 62da9cd2ad06388981f765249cf5537792df9842 | [log] [tgz] |
---|---|---|
author | Marco Nelissen <marcone@google.com> | Tue May 14 10:53:06 2019 -0700 |
committer | android-build-team Robot <android-build-team-robot@google.com> | Wed Jun 12 09:54:59 2019 +0000 |
tree | 892ce8c18fd81bdae4bbb7b08edf7810f9877116 | |
parent | 1f76f20b2f14b2f08934380c65bf1495e29b969f [diff] |
Fix overflow/dos in 3gg text description parsing Bug: 124781927 Test: run pocs Change-Id: I8765ac9746c3de7d711ef866d4ec0e29972320c0 (cherry picked from commit 851e22d1dc89a7f708b9d2b56947f69cd1a08b94)
diff --git a/media/libstagefright/timedtext/TextDescriptions.cpp b/media/libstagefright/timedtext/TextDescriptions.cpp index 088eaae..0dc7722 100644 --- a/media/libstagefright/timedtext/TextDescriptions.cpp +++ b/media/libstagefright/timedtext/TextDescriptions.cpp
@@ -383,7 +383,7 @@ tmpData += 8; size_t remaining = size - 8; - if (size < chunkSize) { + if (chunkSize <= 8 || size < chunkSize) { return OK; } switch(chunkType) {