Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 5a06395e authored by Iván Budnik's avatar Iván Budnik Committed by Android Build Coastguard Worker
Browse files

Fix Out of Bounds read in TextDescriptions.cpp 

Fixing vulnerability in extract3GGPGlobalDescriptions() in
TextDescriptions.cpp

Bug: 233735886
Test: Run related PoC. See bug.
Change-Id: I87955b911d0a40390755321d332a11ecc9b20354
(cherry picked from commit b63d4e78)
Merged-In: I87955b911d0a40390755321d332a11ecc9b20354
parent 15afea54

media/libstagefright/timedtext/TextDescriptions.cpp

+4 −0
Original line number Diff line number Diff line
@@ -466,6 +466,10 @@ status_t TextDescriptions::extract3GPPGlobalDescriptions( 


                if (subChunkType == FOURCC('f', 't', 'a', 'b'))

                {

                    if(subChunkSize < 8) {

                        return OK;

                    }



                    tmpData += 8;

                    size_t subChunkRemaining = subChunkSize - 8;