Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Skip to content
Commit a81b3779 authored by Joshua J. Drake's avatar Joshua J. Drake Committed by Nick Kralevich
Browse files

Prevent integer overflow when processing covr MPEG4 atoms 

If the 'chunk_data_size' value is SIZE_MAX, an integer overflow will occur
and cause an undersized buffer to be allocated. The following processing
then overfills the resulting memory and creates a potentially exploitable
condition. Ensure that integer overflow does not occur.

(cherrypicked from commit 05ddc499)

Bug: 20923261
Change-Id: If09a02738759acdff8d95149bb9cb5f18a0a123e
parent 738a753a
Hide whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment