Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 6e2bcf40 authored by Chong Zhang's avatar Chong Zhang
Browse files

stagefright: check aac_frame_length to prevent infinite loop 

bug: 62673179
Change-Id: I5da44822ad2ff59d396d1df42f34cd0a5620e134
parent cf39f0e6

media/libstagefright/mpeg2ts/ESQueue.cpp

+5 −0
Original line number Original line Diff line number Diff line
@@ -460,6 +460,11 @@ sp<ABuffer> ElementaryStreamQueue::dequeueAccessUnitAAC() { 
        bits.skipBits(2);

        bits.skipBits(2);





        unsigned aac_frame_length = bits.getBits(13);

        unsigned aac_frame_length = bits.getBits(13);

        if (aac_frame_length == 0){

            ALOGE("b/62673179, Invalid AAC frame length!");

            android_errorWriteLog(0x534e4554, "62673179");

            return NULL;

        }





        bits.skipBits(11);  // adts_buffer_fullness

        bits.skipBits(11);  // adts_buffer_fullness