Fix overflow/dos in 3gg text description parsing Bug: 124781927 Test: run pocs Change-Id: I8765ac9746c3de7d711ef866d4ec0e29972320c0 (cherry picked from commit 851e22d1dc89a7f708b9d2b56947f69cd1a08b94)

commit: 978b5a60857b71f631be346be2dce2ccf1412841 [log] [tgz]
author: Marco Nelissen <marcone@google.com> Tue May 14 10:53:06 2019 -0700
committer: Nikoli Cartagena <dargeren@google.com> Mon Jun 10 11:34:54 2019 -0700
tree: 5aab4a325f529d9adcee2c4a0d34b361497ecc9a
parent: 9f364e1dbbd8fd88c52b07c209e395e1a1b21131 [diff]
diff --git a/media/libstagefright/timedtext/TextDescriptions.cpp b/media/libstagefright/timedtext/TextDescriptions.cpp
index c762a74..83d15a2 100644
--- a/media/libstagefright/timedtext/TextDescriptions.cpp
+++ b/media/libstagefright/timedtext/TextDescriptions.cpp

@@ -383,7 +383,7 @@
         tmpData += 8;
         size_t remaining = size - 8;
 
-        if (size < chunkSize) {
+        if (chunkSize <= 8 || size < chunkSize) {
             return OK;
         }
         switch(chunkType) {
commit	978b5a60857b71f631be346be2dce2ccf1412841	[log] [tgz]
author	Marco Nelissen <marcone@google.com>	Tue May 14 10:53:06 2019 -0700
committer	Nikoli Cartagena <dargeren@google.com>	Mon Jun 10 11:34:54 2019 -0700
tree	5aab4a325f529d9adcee2c4a0d34b361497ecc9a
parent	9f364e1dbbd8fd88c52b07c209e395e1a1b21131 [diff]