commit | 97d45dbfdfc9018f1cbf72641c1447ff59431ae3 | [log] [tgz] |
---|---|---|
author | Joshua J. Drake <android-open-source@qoop.org> | Mon May 04 17:14:11 2015 -0500 |
committer | Nick Kralevich <nnk@google.com> | Thu May 07 20:25:05 2015 -0700 |
tree | c067e108ec5aab67bf505d36b3b3e1299ef4ea4c | |
parent | 3f4431e97376b8a315ad8862724e1e1fb34c9292 [diff] |
Fix integer underflow in covr MPEG4 processing When the 'chunk_data_size' variable is less than 'kSkipBytesOfDataBox', an integer underflow can occur. This causes an extraordinarily large value to be passed to MetaData::setData, leading to a buffer overflow. Bug: 20923261 Change-Id: Icd28f63594ad941eabb3a12c750a4a2d5d2bf94b