Limit allocations to avoid out-of-memory
Corrupt files could cause very large allocations, limit them to something
more reasonable.
Bug: 17769851
Change-Id: Ib0f722fd6fddff873bd7a547aac456e608c34c84
diff --git a/media/libstagefright/MPEG4Extractor.cpp b/media/libstagefright/MPEG4Extractor.cpp
index 72c5091..146d3af 100644
--- a/media/libstagefright/MPEG4Extractor.cpp
+++ b/media/libstagefright/MPEG4Extractor.cpp
@@ -3088,16 +3088,24 @@
mWantsNALFragments = false;
}
+ int32_t tmp;
+ CHECK(mFormat->findInt32(kKeyMaxInputSize, &tmp));
+ size_t max_size = tmp;
+
+ // A somewhat arbitrary limit that should be sufficient for 8k video frames
+ // If you see the message below for a valid input stream: increase the limit
+ if (max_size > 64 * 1024 * 1024) {
+ ALOGE("bogus max input size: %zu", max_size);
+ return ERROR_MALFORMED;
+ }
mGroup = new MediaBufferGroup;
-
- int32_t max_size;
- CHECK(mFormat->findInt32(kKeyMaxInputSize, &max_size));
-
mGroup->add_buffer(new MediaBuffer(max_size));
mSrcBuffer = new (std::nothrow) uint8_t[max_size];
if (mSrcBuffer == NULL) {
// file probably specified a bad max size
+ delete mGroup;
+ mGroup = NULL;
return ERROR_MALFORMED;
}
