Loading media/libstagefright/Utils.cpp +28 −8 Original line number Original line Diff line number Diff line Loading @@ -196,8 +196,10 @@ status_t convertMetaDataToMessage( const uint8_t *ptr = (const uint8_t *)data; const uint8_t *ptr = (const uint8_t *)data; CHECK(size >= 7); if (size < 7 || ptr[0] != 1) { // configurationVersion == 1 CHECK_EQ((unsigned)ptr[0], 1u); // configurationVersion == 1 ALOGE("b/23680780"); return BAD_VALUE; } uint8_t profile __unused = ptr[1]; uint8_t profile __unused = ptr[1]; uint8_t level __unused = ptr[3]; uint8_t level __unused = ptr[3]; Loading @@ -223,7 +225,10 @@ status_t convertMetaDataToMessage( buffer->setRange(0, 0); buffer->setRange(0, 0); for (size_t i = 0; i < numSeqParameterSets; ++i) { for (size_t i = 0; i < numSeqParameterSets; ++i) { CHECK(size >= 2); if (size < 2) { ALOGE("b/23680780"); return BAD_VALUE; } size_t length = U16_AT(ptr); size_t length = U16_AT(ptr); ptr += 2; ptr += 2; Loading Loading @@ -252,13 +257,19 @@ status_t convertMetaDataToMessage( } } buffer->setRange(0, 0); buffer->setRange(0, 0); CHECK(size >= 1); if (size < 1) { ALOGE("b/23680780"); return BAD_VALUE; } size_t numPictureParameterSets = *ptr; size_t numPictureParameterSets = *ptr; ++ptr; ++ptr; --size; --size; for (size_t i = 0; i < numPictureParameterSets; ++i) { for (size_t i = 0; i < numPictureParameterSets; ++i) { CHECK(size >= 2); if (size < 2) { ALOGE("b/23680780"); return BAD_VALUE; } size_t length = U16_AT(ptr); size_t length = U16_AT(ptr); ptr += 2; ptr += 2; Loading @@ -282,8 +293,10 @@ status_t convertMetaDataToMessage( } else if (meta->findData(kKeyHVCC, &type, &data, &size)) { } else if (meta->findData(kKeyHVCC, &type, &data, &size)) { const uint8_t *ptr = (const uint8_t *)data; const uint8_t *ptr = (const uint8_t *)data; CHECK(size >= 7); if (size < 23 || ptr[0] != 1) { // configurationVersion == 1 CHECK_EQ((unsigned)ptr[0], 1u); // configurationVersion == 1 ALOGE("b/23680780"); return BAD_VALUE; } uint8_t profile __unused = ptr[1] & 31; uint8_t profile __unused = ptr[1] & 31; uint8_t level __unused = ptr[12]; uint8_t level __unused = ptr[12]; ptr += 22; ptr += 22; Loading @@ -302,6 +315,10 @@ status_t convertMetaDataToMessage( buffer->setRange(0, 0); buffer->setRange(0, 0); for (i = 0; i < numofArrays; i++) { for (i = 0; i < numofArrays; i++) { if (size < 3) { ALOGE("b/23680780"); return BAD_VALUE; } ptr += 1; ptr += 1; size -= 1; size -= 1; Loading @@ -312,7 +329,10 @@ status_t convertMetaDataToMessage( size -= 2; size -= 2; for (j = 0; j < numofNals; j++) { for (j = 0; j < numofNals; j++) { CHECK(size >= 2); if (size < 2) { ALOGE("b/23680780"); return BAD_VALUE; } size_t length = U16_AT(ptr); size_t length = U16_AT(ptr); ptr += 2; ptr += 2; Loading Loading
media/libstagefright/Utils.cpp +28 −8 Original line number Original line Diff line number Diff line Loading @@ -196,8 +196,10 @@ status_t convertMetaDataToMessage( const uint8_t *ptr = (const uint8_t *)data; const uint8_t *ptr = (const uint8_t *)data; CHECK(size >= 7); if (size < 7 || ptr[0] != 1) { // configurationVersion == 1 CHECK_EQ((unsigned)ptr[0], 1u); // configurationVersion == 1 ALOGE("b/23680780"); return BAD_VALUE; } uint8_t profile __unused = ptr[1]; uint8_t profile __unused = ptr[1]; uint8_t level __unused = ptr[3]; uint8_t level __unused = ptr[3]; Loading @@ -223,7 +225,10 @@ status_t convertMetaDataToMessage( buffer->setRange(0, 0); buffer->setRange(0, 0); for (size_t i = 0; i < numSeqParameterSets; ++i) { for (size_t i = 0; i < numSeqParameterSets; ++i) { CHECK(size >= 2); if (size < 2) { ALOGE("b/23680780"); return BAD_VALUE; } size_t length = U16_AT(ptr); size_t length = U16_AT(ptr); ptr += 2; ptr += 2; Loading Loading @@ -252,13 +257,19 @@ status_t convertMetaDataToMessage( } } buffer->setRange(0, 0); buffer->setRange(0, 0); CHECK(size >= 1); if (size < 1) { ALOGE("b/23680780"); return BAD_VALUE; } size_t numPictureParameterSets = *ptr; size_t numPictureParameterSets = *ptr; ++ptr; ++ptr; --size; --size; for (size_t i = 0; i < numPictureParameterSets; ++i) { for (size_t i = 0; i < numPictureParameterSets; ++i) { CHECK(size >= 2); if (size < 2) { ALOGE("b/23680780"); return BAD_VALUE; } size_t length = U16_AT(ptr); size_t length = U16_AT(ptr); ptr += 2; ptr += 2; Loading @@ -282,8 +293,10 @@ status_t convertMetaDataToMessage( } else if (meta->findData(kKeyHVCC, &type, &data, &size)) { } else if (meta->findData(kKeyHVCC, &type, &data, &size)) { const uint8_t *ptr = (const uint8_t *)data; const uint8_t *ptr = (const uint8_t *)data; CHECK(size >= 7); if (size < 23 || ptr[0] != 1) { // configurationVersion == 1 CHECK_EQ((unsigned)ptr[0], 1u); // configurationVersion == 1 ALOGE("b/23680780"); return BAD_VALUE; } uint8_t profile __unused = ptr[1] & 31; uint8_t profile __unused = ptr[1] & 31; uint8_t level __unused = ptr[12]; uint8_t level __unused = ptr[12]; ptr += 22; ptr += 22; Loading @@ -302,6 +315,10 @@ status_t convertMetaDataToMessage( buffer->setRange(0, 0); buffer->setRange(0, 0); for (i = 0; i < numofArrays; i++) { for (i = 0; i < numofArrays; i++) { if (size < 3) { ALOGE("b/23680780"); return BAD_VALUE; } ptr += 1; ptr += 1; size -= 1; size -= 1; Loading @@ -312,7 +329,10 @@ status_t convertMetaDataToMessage( size -= 2; size -= 2; for (j = 0; j < numofNals; j++) { for (j = 0; j < numofNals; j++) { CHECK(size >= 2); if (size < 2) { ALOGE("b/23680780"); return BAD_VALUE; } size_t length = U16_AT(ptr); size_t length = U16_AT(ptr); ptr += 2; ptr += 2; Loading
