Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit a86fef32 authored by Wonsik Kim's avatar Wonsik Kim
Browse files

Ogg: fix possible read overflow 

Bug: 23607712
Change-Id: I03547179cc4480b6fd081384a2a06369e178bdec
parent 737b13bb

media/libstagefright/OggExtractor.cpp

+5 −4
Original line number Diff line number Diff line
@@ -1333,11 +1333,12 @@ static void extractAlbumArt( 
        goto exit;

    }



    descLen = U32_AT(&flac[8 + typeLen]);

    if (flacSize < 32 || flacSize - 32 < typeLen) {

        goto exit;

    }



    if (flacSize < 32 ||

        flacSize - 32 < typeLen ||

        flacSize - 32 - typeLen < descLen) {

    descLen = U32_AT(&flac[8 + typeLen]);

    if (flacSize - 32 - typeLen < descLen) {

        goto exit;

    }