Fix potential overflow
Bug: 28533562
Change-Id: I798ab24caa4c81f3ba564cad7c9ee019284fb702
(cherry picked from commit d0090759e79208d7203280166018bb7d5d4f9d02)
diff --git a/media/libstagefright/codecs/on2/h264dec/source/h264bsd_dpb.c b/media/libstagefright/codecs/on2/h264dec/source/h264bsd_dpb.c
index 9517d0a..799bd16 100644
--- a/media/libstagefright/codecs/on2/h264dec/source/h264bsd_dpb.c
+++ b/media/libstagefright/codecs/on2/h264dec/source/h264bsd_dpb.c
@@ -60,6 +60,7 @@
#include "h264bsd_util.h"
#include "basetype.h"
+#include <log/log.h>
/*------------------------------------------------------------------------------
2. External compiler flags
--------------------------------------------------------------------------------
@@ -998,6 +999,13 @@
ASSERT(maxFrameNum);
ASSERT(dpbSize);
+ // see comment in loop below about size calculation
+ if (picSizeInMbs > (UINT32_MAX - 32 - 15) / 384) {
+ ALOGE("b/28533562");
+ android_errorWriteLog(0x534e4554, "28533562");
+ return(MEMORY_ALLOCATION_ERROR);
+ }
+
dpb->maxLongTermFrameIdx = NO_LONG_TERM_FRAME_INDICES;
dpb->maxRefFrames = MAX(maxRefFrames, 1);
if (noReordering)
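Review bot: The new guard on `picSizeInMbs` repeats the constants 384, 32 and 15 from a size calculation that lies outside this hunk (the added comment points to a loop below), so the check and the allocation it protects can drift apart if either is edited later. Deriving both from one named expression, for example `#define DPB_PIC_BYTES(mbs) ((mbs) * 384 + 32 + 15)` with the limit `(UINT32_MAX - 32 - 15) / 384` defined beside it, would keep them tied together. The early `return(MEMORY_ALLOCATION_ERROR);` also runs before any `dpb` field is assigned in the visible lines, so it is worth confirming that the caller's cleanup path tolerates a `dpb` left in its previous state. A one-line comment such as `/* 0x534e4554 == "SNET", security event log tag */` above the `android_errorWriteLog` call would explain the magic number. The enclosing function starts and ends outside the hunk.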