Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 16c8f0dd authored by shaohongsheng's avatar shaohongsheng Committed by Jia Jia
Browse files

SampleIterator: fix sizeof bug in getSampleSizeDirect. 



Incorrect sizeof(*size) in SampleIterator::getSampleSizeDirect
potentially leads to file size overflow.

Test: Create m4a file with stsz box in the end of file and play it.

Change-Id: Ic8a073de2dfc35890ce65a03dd5ed9343a6ff007

Signed-off-by: default avatarJia Jia <jia.jia@zte.com.cn>
parent 18977849

media/libstagefright/SampleIterator.cpp

+3 −2
Original line number Diff line number Diff line
@@ -244,13 +244,14 @@ status_t SampleIterator::getSampleSizeDirect( 
    switch (mTable->mSampleSizeFieldSize) {

        case 32:

        {

            uint32_t x;

            if (mTable->mDataSource->readAt(

                        mTable->mSampleSizeOffset + 12 + 4 * sampleIndex,

                        size, sizeof(*size)) < (ssize_t)sizeof(*size)) {

                        &x, sizeof(x)) < (ssize_t)sizeof(x)) {

                return ERROR_IO;

            }



            *size = ntohl(*size);

            *size = ntohl(x);

            break;

        }