Fix Out of Bounds Read in AAVCAssembler

}

bool AAVCAssembler::dropFramesUntilIframe(const sp<ABuffer> &buffer) {

    if (buffer->size() == 0) {

        ALOGE("b/230630526 buffer->size() == 0");

        android_errorWriteLog(0x534e4554, "230630526");

        return false;

    }

    const uint8_t *data = buffer->data();

    unsigned nalType = data[0] & 0x1f;

    if (!mFirstIFrameProvided && nalType < 0x5) {

    int32_t firstSeqNo = buffer->int32Data();

    // This only works for FU-A type & non-start sequence

    int32_t nalType = buffer->size() >= 1 ? buffer->data()[0] & 0x1f : -1;

    if (nalType != 28 || (buffer->size() >= 2 && buffer->data()[1] & 0x80)) {

    if (buffer->size() < 2 || (buffer->data()[0] & 0x1f) != 28 || buffer->data()[1] & 0x80) {

        return firstSeqNo;

    }

int32_t AHEVCAssembler::pickStartSeq(const Queue *queue,

        uint32_t first, int64_t play, int64_t jit) {

    CHECK(!queue->empty());

    // pick the first sequence number has the start bit.

    sp<ABuffer> buffer = *(queue->begin());

    int32_t firstSeqNo = buffer->int32Data();

    // This only works for FU-A type & non-start sequence

    unsigned nalType = buffer->data()[0] & 0x1f;

    if (nalType != 28 || buffer->data()[2] & 0x80) {

    if (buffer->size() < 3 || (buffer->data()[0] & 0x1f) != 28 || buffer->data()[2] & 0x80) {

        return firstSeqNo;

    }

        if (rtpTime + jit >= play) {

            break;

        }

        if ((data[2] & 0x80)) {

        if (it->size() >= 3 && (data[2] & 0x80)) {

            const int32_t seqNo = it->int32Data();

            ALOGE("finding [HEAD] pkt. \t Seq# (%d ~ )[%d", firstSeqNo, seqNo);

            firstSeqNo = seqNo;