stagefright: Don't crash on invalid / null AVCC atoms in MKV (38c26d79) · Commits · e / os / android_frameworks_av

media/libstagefright/Utils.cpp

+55 −52

Original line number	Diff line number	Diff line
		@@ -205,7 +205,9 @@ status_t convertMetaDataToMessage(

		const uint8_t ptr = (const uint8_t )data;

		CHECK(size >= 7);
		if (size < 7) {
		ALOGV("Invalid AVCC atom in track, size=%d", size);
		} else {
		CHECK_EQ((unsigned)ptr[0], 1u); // configurationVersion == 1
		uint8_t profile __unused = ptr[1];
		uint8_t level __unused = ptr[3];
		@@ -278,6 +280,7 @@ status_t convertMetaDataToMessage(
		buffer->meta()->setInt32("csd", true);
		buffer->meta()->setInt64("timeUs", 0);
		msg->setBuffer("csd-1", buffer);
		}
		} else if (meta->findData(kKeyHVCC, &type, &data, &size)) {
		const uint8_t ptr = (const uint8_t )data;

+8 −4

Original line number	Diff line number	Diff line
		@@ -245,7 +245,6 @@ MatroskaSource::MatroskaSource(
		mIsAudio = !strncasecmp("audio/", mime, 6);

		if (!strcasecmp(mime, MEDIA_MIMETYPE_VIDEO_AVC)) {
		mType = AVC;

		uint32_t dummy;
		const uint8_t *avcc;
		@@ -253,10 +252,15 @@ MatroskaSource::MatroskaSource(
		CHECK(meta->findData(
		kKeyAVCC, &dummy, (const void **)&avcc, &avccSize));

		CHECK_GE(avccSize, 5u);
		if (avccSize < 5) {
		ALOGW("Invalid AVCC atom in track, size %d", avccSize);
		} else {

		mNALSizeLen = 1 + (avcc[4] & 3);
		ALOGV("mNALSizeLen = %zu", mNALSizeLen);

		mType = AVC;
		}
		} else if (!strcasecmp(mime, MEDIA_MIMETYPE_VIDEO_HEVC)) {
		mType = HEVC;