Fix several ineffective integer overflow checks (030d8d0a) · Commits · e / os / android_frameworks_av

media/libstagefright/SampleTable.cpp

+3 −3

Original line number	Original line	Diff line number	Diff line
	@@ -330,7 +330,7 @@ status_t SampleTable::setTimeToSampleParams(
	}		}

	mTimeToSampleCount = U32_AT(&header[4]);		mTimeToSampleCount = U32_AT(&header[4]);
	uint64_t allocSize = mTimeToSampleCount * 2 * sizeof(uint32_t);		uint64_t allocSize = mTimeToSampleCount * 2 * (uint64_t)sizeof(uint32_t);
	if (allocSize > SIZE_MAX) {		if (allocSize > SIZE_MAX) {
	return ERROR_OUT_OF_RANGE;		return ERROR_OUT_OF_RANGE;
	}		}
	@@ -376,7 +376,7 @@ status_t SampleTable::setCompositionTimeToSampleParams(
	}		}

	mNumCompositionTimeDeltaEntries = numEntries;		mNumCompositionTimeDeltaEntries = numEntries;
	uint64_t allocSize = numEntries * 2 * sizeof(uint32_t);		uint64_t allocSize = numEntries * 2 * (uint64_t)sizeof(uint32_t);
	if (allocSize > SIZE_MAX) {		if (allocSize > SIZE_MAX) {
	return ERROR_OUT_OF_RANGE;		return ERROR_OUT_OF_RANGE;
	}		}
	@@ -426,7 +426,7 @@ status_t SampleTable::setSyncSampleParams(off64_t data_offset, size_t data_size)
	ALOGV("Table of sync samples is empty or has only a single entry!");		ALOGV("Table of sync samples is empty or has only a single entry!");
	}		}

	uint64_t allocSize = mNumSyncSamples * sizeof(uint32_t);		uint64_t allocSize = mNumSyncSamples * (uint64_t)sizeof(uint32_t);
	if (allocSize > SIZE_MAX) {		if (allocSize > SIZE_MAX) {
	return ERROR_OUT_OF_RANGE;		return ERROR_OUT_OF_RANGE;
	}		}