Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 0e20b209 authored by Nick Kralevich's avatar Nick Kralevich
Browse files

MPEG4Extractor.cpp: handle chunk_size > SIZE_MAX 

chunk_size is a uint64_t, so it can legitimately be bigger
than SIZE_MAX, which would cause the subtraction to underflow.

https://code.google.com/p/android/issues/detail?id=182251

Bug: 23034759
Change-Id: Ic1637fb26bf6edb0feb1bcf2876fd370db1ed547
parent c87faed6

media/libstagefright/MPEG4Extractor.cpp

+1 −1
Original line number Original line Diff line number Diff line
@@ -1397,7 +1397,7 @@ status_t MPEG4Extractor::parseChunk(off64_t *offset, int depth) { 
                size = 0;

                size = 0;

            }

            }





            if (SIZE_MAX - chunk_size <= size) {

            if ((chunk_size > SIZE_MAX) || (SIZE_MAX - chunk_size <= size)) {

                return ERROR_MALFORMED;

                return ERROR_MALFORMED;

            }

            }