MatroskaExtractor: detect infinite loop when parsing NALs (0071d87e) · Commits · e / os / android_frameworks_av

media/libstagefright/matroska/MatroskaExtractor.cpp

+7 −1

Original line number	Diff line number	Diff line
		@@ -21,6 +21,7 @@
		#include "MatroskaExtractor.h"

		#include <media/stagefright/foundation/ADebug.h>
		#include <media/stagefright/foundation/AUtils.h>
		#include <media/stagefright/foundation/hexdump.h>
		#include <media/stagefright/DataSource.h>
		#include <media/stagefright/MediaBuffer.h>
		@@ -631,7 +632,12 @@ status_t MatroskaSource::read(
		TRESPASS();
		}

		if (srcOffset + mNALSizeLen + NALsize > srcSize) {
		if (srcOffset + mNALSizeLen + NALsize <= srcOffset + mNALSizeLen) {
		frame->release();
		frame = NULL;

		return ERROR_MALFORMED;
		} else if (srcOffset + mNALSizeLen + NALsize > srcSize) {
		break;
		}