commit | 88f7f05d50e4a1e1ec5dcad237d2ec1623d16a75 | [log] [tgz] |
---|---|---|
author | Marco Nelissen <marcone@google.com> | Tue May 14 10:53:06 2019 -0700 |
committer | Nikoli Cartagena <dargeren@google.com> | Mon Jun 10 11:35:26 2019 -0700 |
tree | a4cab8dfdf97b601c5c6c7d1caf8c0e59694296f | |
parent | f0ade46efc9a6d7337da14ae1473bc8fc875e448 [diff] |
Fix overflow/dos in 3gg text description parsing Bug: 124781927 Test: run pocs Change-Id: I8765ac9746c3de7d711ef866d4ec0e29972320c0 (cherry picked from commit 851e22d1dc89a7f708b9d2b56947f69cd1a08b94)
diff --git a/media/libstagefright/timedtext/TextDescriptions.cpp b/media/libstagefright/timedtext/TextDescriptions.cpp index c762a74..83d15a2 100644 --- a/media/libstagefright/timedtext/TextDescriptions.cpp +++ b/media/libstagefright/timedtext/TextDescriptions.cpp
@@ -383,7 +383,7 @@ tmpData += 8; size_t remaining = size - 8; - if (size < chunkSize) { + if (chunkSize <= 8 || size < chunkSize) { return OK; } switch(chunkType) {