Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 212335cb authored by Pawin Vongmasa's avatar Pawin Vongmasa
Browse files

Fix the UAF bug caused by a dead stack variable 

The original code attempts to copy data from a location pointed to by a
local variable that has gone out of scope. This CL moves the copy
operation into the scope.

Test: make cts -j123 && cts-tradefed run cts-dev -m \
CtsMediaTestCases --compatibility:module-arg \
CtsMediaTestCases:include-annotation:\
android.platform.test.annotations.RequiresDevice

Bug: 63773604
Change-Id: I980630b6ac30875c2df65664668d4d6b7414f3a7
parent d371ee54

media/libstagefright/MPEG4Writer.cpp

+5 −3
Original line number Diff line number Diff line
@@ -1860,10 +1860,12 @@ void MPEG4Writer::Track::getCodecSpecificDataFromInputFormatIfPossible() { 
            || !strcasecmp(mime, MEDIA_MIMETYPE_AUDIO_AAC)) {

        if (mMeta->findData(kKeyESDS, &type, &data, &size)) {

            ESDS esds(data, size);

            if (esds.getCodecSpecificInfo(&data, &size) != OK) {

                data = NULL;

                size = 0;

            if (esds.getCodecSpecificInfo(&data, &size) == OK &&

                    data != NULL &&

                    copyCodecSpecificData((uint8_t*)data, size) == OK) {

                mGotAllCodecSpecificData = true;

            }

            return;

        }

    }

    if (data != NULL && copyCodecSpecificData((uint8_t *)data, size) == OK) {