Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 2c184d8b authored by Joshua J. Drake's avatar Joshua J. Drake Committed by Jon Larimer
Browse files

Fix multiple division-by-zero conditions in MPEG4 parsing 

Several situations arise processing MP4 atoms that lead to undefined behavior
when dividing by zero. Typically this results in a crash (denial of service
condition).

NOTE: In most cases we simply avoid the division, leaving kKeyDuration unset.
It may be more desirable to bail out, as we do in the parseSegmentIndex case.

Bug: 20139950
Change-Id: I62e1b977f0e5ed0094094a55d300bac76b476c7b
parent 9ad03116

media/libstagefright/MPEG4Extractor.cpp

+5 −3
Original line number Diff line number Diff line
@@ -1202,7 +1202,7 @@ status_t MPEG4Extractor::parseChunk(off64_t *offset, int depth) { 
                    duration = ntohl(duration32);

                }

            }

            if (duration != 0) {

            if (duration != 0 && mLastTrack->timescale != 0) {

                mLastTrack->meta->setInt64(

                        kKeyDuration, (duration * 1000000) / mLastTrack->timescale);

            }
@@ -1776,7 +1776,7 @@ status_t MPEG4Extractor::parseChunk(off64_t *offset, int depth) { 
                }

                duration = d32;

            }

            if (duration != 0) {

            if (duration != 0 && mHeaderTimescale != 0) {

                mFileMetaData->setInt64(kKeyDuration, duration * 1000000 / mHeaderTimescale);

            }
@@ -1825,7 +1825,7 @@ status_t MPEG4Extractor::parseChunk(off64_t *offset, int depth) { 
                return ERROR_MALFORMED;

            }



            if (duration != 0) {

            if (duration != 0 && mHeaderTimescale != 0) {

                mFileMetaData->setInt64(kKeyDuration, duration * 1000000 / mHeaderTimescale);

            }
@@ -2042,6 +2042,8 @@ status_t MPEG4Extractor::parseSegmentIndex(off64_t offset, size_t size) { 
        return ERROR_MALFORMED;

    }

    ALOGV("sidx refid/timescale: %d/%d", referenceId, timeScale);

    if (timeScale == 0)

        return ERROR_MALFORMED;



    uint64_t earliestPresentationTime;

    uint64_t firstOffset;