Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 2369bda5 authored by Chad Brubaker's avatar Chad Brubaker
Browse files

Fix benign unsigned overflow in OggExtractor 

When computing mCurrentPageSamples it was possible to have a harmless
unsigned integer overflow during the conf pages leading to false
positives with fsanitize integer. To prevent the false positives clamp
the result to 0.

Bug: 23488745
Bug: 23110888
Change-Id: I0769cb4a915d45b00ea43f2abbefe9ee46165cc7
parent 072d9eb2

media/libstagefright/OggExtractor.cpp

+7 −2
Original line number Diff line number Diff line
@@ -567,8 +567,13 @@ status_t MyVorbisExtractor::readNextPacket(MediaBuffer **out, bool conf) { 
            return n < 0 ? n : (status_t)ERROR_END_OF_STREAM;

        }



        // Prevent a harmless unsigned integer overflow by clamping to 0

        if (mCurrentPage.mGranulePosition >= mPrevGranulePosition) {

            mCurrentPageSamples =

                    mCurrentPage.mGranulePosition - mPrevGranulePosition;

        } else {

            mCurrentPageSamples = 0;

        }

        mFirstPacketInPage = true;



        mPrevGranulePosition = mCurrentPage.mGranulePosition;