
Commit 0620d80c authored by Marco Nelissen's avatar Marco Nelissen Committed by Anis Assi

Fix potential overflow in WAV extractor

Bug: 170583712
Test: fuzzer poc, atest DecoderTest#testDecodeWav
Change-Id: I73edd5fc0da80dc2cdd26c6fcd09496b2c828ba9
Merged-In: I73edd5fc0da80dc2cdd26c6fcd09496b2c828ba9
(cherry picked from commit 66c0c427)
parent 992f2261
+7 −7
@@ -93,9 +93,9 @@ private:
    AMediaFormat *mMeta;
    AMediaFormat *mMeta;
    uint16_t mWaveFormat;
    uint16_t mWaveFormat;
    const bool mOutputFloat;
    const bool mOutputFloat;
    int32_t mSampleRate;
    uint32_t mSampleRate;
    int32_t mNumChannels;
    uint32_t mNumChannels;
    int32_t mBitsPerSample;
    uint32_t mBitsPerSample;
    off64_t mOffset;
    off64_t mOffset;
    size_t mSize;
    size_t mSize;
    bool mStarted;
    bool mStarted;
@@ -377,9 +377,9 @@ WAVSource::WAVSource(
      mOffset(offset),
      mOffset(offset),
      mSize(size),
      mSize(size),
      mStarted(false) {
      mStarted(false) {
    CHECK(AMediaFormat_getInt32(mMeta, AMEDIAFORMAT_KEY_SAMPLE_RATE, &mSampleRate));
    CHECK(AMediaFormat_getInt32(mMeta, AMEDIAFORMAT_KEY_SAMPLE_RATE, (int32_t*) &mSampleRate));
    CHECK(AMediaFormat_getInt32(mMeta, AMEDIAFORMAT_KEY_CHANNEL_COUNT, &mNumChannels));
    CHECK(AMediaFormat_getInt32(mMeta, AMEDIAFORMAT_KEY_CHANNEL_COUNT, (int32_t*) &mNumChannels));
    CHECK(AMediaFormat_getInt32(mMeta, AMEDIAFORMAT_KEY_BITS_PER_SAMPLE, &mBitsPerSample));
    CHECK(AMediaFormat_getInt32(mMeta, AMEDIAFORMAT_KEY_BITS_PER_SAMPLE, (int32_t*) &mBitsPerSample));
}
}


WAVSource::~WAVSource() {
WAVSource::~WAVSource() {
@@ -470,7 +470,7 @@ media_status_t WAVSource::read(
    }
    }


    const size_t maxBytesAvailable =
    const size_t maxBytesAvailable =
        (mCurrentPos - mOffset >= (off64_t)mSize)
        (mCurrentPos < mOffset || mCurrentPos - mOffset >= (off64_t)mSize)
            ? 0 : mSize - (mCurrentPos - mOffset);
            ? 0 : mSize - (mCurrentPos - mOffset);


    if (maxBytesToRead > maxBytesAvailable) {
    if (maxBytesToRead > maxBytesAvailable) {
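Review bot: The three `(int32_t*) &m…` casts in the `WAVSource` constructor write whatever signed value the format holds straight into the now-unsigned members, so a negative or zero sample rate, channel count or bit depth would still pass the `CHECK` and reach later size arithmetic as a very large or zero unsigned value. Whether those keys are range-checked where the format is populated is not visible in these hunks; if they are not, read each key into a local `int32_t`, check that it is positive, and only then assign it. A local plus an explicit `static_cast` also keeps the signedness change visible to the compiler and to readers, which the C-style pointer cast hides. The `mCurrentPos < mOffset` guard added in `read()` covers the wrap in the subtraction, and the rest of `read()` lies outside the hunk.

```cpp
// … unchanged: constructor signature and member initializer list …
    int32_t sampleRate = 0;
    int32_t numChannels = 0;
    int32_t bitsPerSample = 0;
    CHECK(AMediaFormat_getInt32(mMeta, AMEDIAFORMAT_KEY_SAMPLE_RATE, &sampleRate));
    CHECK(AMediaFormat_getInt32(mMeta, AMEDIAFORMAT_KEY_CHANNEL_COUNT, &numChannels));
    CHECK(AMediaFormat_getInt32(mMeta, AMEDIAFORMAT_KEY_BITS_PER_SAMPLE, &bitsPerSample));
    // Reject non-positive values before they are converted to the unsigned members.
    CHECK(sampleRate > 0 && numChannels > 0 && bitsPerSample > 0);
    mSampleRate = static_cast<uint32_t>(sampleRate);
    mNumChannels = static_cast<uint32_t>(numChannels);
    mBitsPerSample = static_cast<uint32_t>(bitsPerSample);
```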