commit 2df264dca7e676e9eaf03bb6152a41eef809b07a
author Chris Craik <ccraik@google.com> Wed Nov 16 10:33:54 2016 -0800
committer Feng Yu <feny@google.com> Thu Nov 17 13:48:12 2016 -0800
tree aca9d7d0418cb61aa97218f73224c7e03349adcb
parent 62f48dbb7eb018c721c3a14f0d0f03395bced54a

resolve merge conflicts of 3802db4 to mnc-dev

bug:32338390
Change-Id: I304c0c8c646808e690918eae7d34f0852e2b0fa8

framesequence/jni/FrameSequence_webp.cpp

diff --git a/framesequence/jni/FrameSequence_webp.cpp b/framesequence/jni/FrameSequence_webp.cpp
index c33a7e2..034847a 100644
--- a/framesequence/jni/FrameSequence_webp.cpp
+++ b/framesequence/jni/FrameSequence_webp.cpp
@@ -84,7 +84,10 @@
 #endif
 }
 
-FrameSequence_webp::FrameSequence_webp(Stream* stream) {
+FrameSequence_webp::FrameSequence_webp(Stream* stream)
+        : mDemux(NULL)
+        , mIsKeyFrame(NULL)
+        , mRawByteBuffer(NULL) {
     if (stream->getRawBuffer() != NULL) {
         mData.size = stream->getRawBufferSize();
         mData.bytes = stream->getRawBufferAddr();
@@ -96,7 +99,12 @@
             ALOGE("WebP header load failed");
             return;
         }
-        mData.size = CHUNK_HEADER_SIZE + GetLE32(riff_header + TAG_SIZE);
+        uint32_t readSize = GetLE32(riff_header + TAG_SIZE);
+        if (readSize > MAX_CHUNK_PAYLOAD) {
+            ALOGE("WebP got header size too large");
+            return;
+        }
+        mData.size = CHUNK_HEADER_SIZE + readSize;
         mData.bytes = new uint8_t[mData.size];
         memcpy((void*)mData.bytes, riff_header, RIFF_HEADER_SIZE);
 

framesequence/jni/FrameSequence_webp.h

diff --git a/framesequence/jni/FrameSequence_webp.h b/framesequence/jni/FrameSequence_webp.h
index 94dcc3b..a29574c 100644
--- a/framesequence/jni/FrameSequence_webp.h
+++ b/framesequence/jni/FrameSequence_webp.h
@@ -32,10 +32,16 @@
     virtual ~FrameSequence_webp();
 
     virtual int getWidth() const {
+        if (!mDemux) {
+            return 0;
+        }
         return WebPDemuxGetI(mDemux, WEBP_FF_CANVAS_WIDTH);
     }
 
     virtual int getHeight() const {
+        if (!mDemux) {
+            return 0;
+        }
         return WebPDemuxGetI(mDemux, WEBP_FF_CANVAS_HEIGHT);
     }
 
@@ -44,6 +50,9 @@
     }
 
     virtual int getFrameCount() const {
+        if (!mDemux) {
+            return 0;
+        }
         return WebPDemuxGetI(mDemux, WEBP_FF_FRAME_COUNT);
     }