Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit b63d4e78 authored by Iván Budnik's avatar Iván Budnik
Browse files

Fix Out of Bounds read in TextDescriptions.cpp 

Fixing vulnerability in extract3GGPGlobalDescriptions() in
TextDescriptions.cpp

Bug: 233735886
Test: Run related PoC. See bug.
Change-Id: I87955b911d0a40390755321d332a11ecc9b20354
parent 726b9eb5

media/libstagefright/timedtext/TextDescriptions.cpp

+4 −0
Original line number Diff line number Diff line
@@ -466,6 +466,10 @@ status_t TextDescriptions::extract3GPPGlobalDescriptions( 


                if (subChunkType == FOURCC('f', 't', 'a', 'b'))

                {

                    if(subChunkSize < 8) {

                        return OK;

                    }



                    tmpData += 8;

                    size_t subChunkRemaining = subChunkSize - 8;