commit | b9bd167f956dd4846db4385a33c46adfe7b0d82b | |
---|---|---|
author | Joshua J. Drake <android-open-source@qoop.org> | Mon May 04 18:36:35 2015 -0500 |
committer | The Android Automerger <android-build@android.com> | Mon Jul 27 12:38:26 2015 -0700 |
tree | 80b897570c0b60bca83b6f70c957e11f0b01d67f | |
parent | 93ba37d2fe2cd952723419705e8223429ac8d3b0 | |

Prevent integer overflow when processing covr MPEG4 atoms

If the 'chunk_data_size' value is SIZE_MAX, an integer overflow will occur and cause an undersized buffer to be allocated. The following processing then overfills the resulting memory and creates a potentially exploitable condition. Ensure that integer overflow does not occur.

Bug: 20923261
Change-Id: I75cce323aec04a612e5a230ecd7c2077ce06035f
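
The size wrap-around the commit message describes, shown beside a checked size computation, as an added example (not code from this commit or from the Android source). It assumes the parser allocates the declared size plus a fixed pad; `PAD_BYTES`, the function names and the sample bytes are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumption: the parser allocates the declared payload size plus a fixed
 * number of extra bytes. PAD_BYTES and all names here are hypothetical. */
#define PAD_BYTES ((size_t)1)

/* Unchecked form: size_t arithmetic wraps, so SIZE_MAX + 1 yields 0. */
size_t alloc_size_unchecked(size_t chunk_data_size) {
    return chunk_data_size + PAD_BYTES;
}

/* Checked form: reject any size whose sum with PAD_BYTES cannot be held. */
int alloc_size_checked(size_t chunk_data_size, size_t *out) {
    if (chunk_data_size > SIZE_MAX - PAD_BYTES)
        return -1;
    *out = chunk_data_size + PAD_BYTES;
    return 0;
}

/* Copy a payload of the declared size out of an in-memory atom body.
 * Returns NULL for a malformed atom: the size would overflow the
 * allocation, or it claims more bytes than the source holds. */
uint8_t *read_atom_payload(const uint8_t *src, size_t src_len,
                           size_t chunk_data_size, size_t *out_len) {
    size_t alloc_len;
    if (alloc_size_checked(chunk_data_size, &alloc_len) != 0) return NULL;
    if (chunk_data_size > src_len) return NULL;
    uint8_t *buf = calloc(1, alloc_len);
    if (buf == NULL) return NULL;
    memcpy(buf, src, chunk_data_size);
    *out_len = chunk_data_size;
    return buf;
}

int main(void) {
    const uint8_t body[4] = {0xde, 0xad, 0xbe, 0xef}; /* constructed sample */
    size_t n = 0;
    printf("unchecked size for SIZE_MAX: %zu\n", alloc_size_unchecked(SIZE_MAX));
    uint8_t *ok = read_atom_payload(body, sizeof body, 4, &n);
    printf("declared 4: %s\n", ok ? "accepted" : "rejected");
    free(ok);
    uint8_t *bad = read_atom_payload(body, sizeof body, SIZE_MAX, &n);
    printf("declared SIZE_MAX: %s\n", bad ? "accepted" : "rejected");
    free(bad);
    return 0;
}
```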