Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit aa15fefa authored by Dichen Zhang's avatar Dichen Zhang
Browse files

add trunksize as restriction for function parseClearEncryptedSizes() 

Without trunksize as restriction, function parseClearEncryptedSized()
can read the rest of file. If the file has a large number of saiz trunk,
large number of bytes will be copied, which can lead to high cost of
CPU time.

Bug: 124777526
Test: please see #3 and #8 in bug report:
	push senc.mp4 to devices's sdcard
	open photo app
	manuly print log
Change-Id: I854765c82d02d541b92f2658673aa4ce61fb5412
parent d53a0067

media/extractors/mp4/MPEG4Extractor.cpp

+28 −7
Original line number Diff line number Diff line
@@ -160,8 +160,9 @@ private: 
    status_t parseTrackFragmentRun(off64_t offset, off64_t size);

    status_t parseSampleAuxiliaryInformationSizes(off64_t offset, off64_t size);

    status_t parseSampleAuxiliaryInformationOffsets(off64_t offset, off64_t size);

    status_t parseClearEncryptedSizes(off64_t offset, bool isSubsampleEncryption, uint32_t flags);

    status_t parseSampleEncryption(off64_t offset);

    status_t parseClearEncryptedSizes(

        off64_t offset, bool isSubsampleEncryption, uint32_t flags, off64_t size);

    status_t parseSampleEncryption(off64_t offset, off64_t size);

    // returns -1 for invalid layer ID

    int32_t parseHEVCLayerId(const uint8_t *data, size_t size);
@@ -5188,7 +5189,7 @@ status_t MPEG4Source::parseChunk(off64_t *offset) { 


        case FOURCC("senc"): {

            status_t err;

            if ((err = parseSampleEncryption(data_offset)) != OK) {

            if ((err = parseSampleEncryption(data_offset, chunk_data_size)) != OK) {

                return err;

            }

            *offset += chunk_size;
@@ -5380,12 +5381,13 @@ status_t MPEG4Source::parseSampleAuxiliaryInformationOffsets( 
    off64_t drmoffset = mCurrentSampleInfoOffsets[0]; // from moof



    drmoffset += mCurrentMoofOffset;

    size -= mCurrentMoofOffset;



    return parseClearEncryptedSizes(drmoffset, false, 0);

    return parseClearEncryptedSizes(drmoffset, false, 0, size);

}



status_t MPEG4Source::parseClearEncryptedSizes(

        off64_t offset, bool isSubsampleEncryption, uint32_t flags) {

        off64_t offset, bool isSubsampleEncryption, uint32_t flags, off64_t size) {



    int32_t ivlength;

    if (!AMediaFormat_getInt32(mFormat, AMEDIAFORMAT_KEY_CRYPTO_DEFAULT_IV_SIZE, &ivlength)) {
@@ -5400,10 +5402,14 @@ status_t MPEG4Source::parseClearEncryptedSizes( 


    uint32_t sampleCount = mCurrentSampleInfoCount;

    if (isSubsampleEncryption) {

        if(size < 4){

            return ERROR_MALFORMED;

        }

        if (!mDataSource->getUInt32(offset, &sampleCount)) {

            return ERROR_IO;

        }

        offset += 4;

        size -= 4;

    }



    // read CencSampleAuxiliaryDataFormats
@@ -5418,11 +5424,15 @@ status_t MPEG4Source::parseClearEncryptedSizes( 
        }



        memset(smpl->iv, 0, 16);

        if(size < ivlength){

            return ERROR_MALFORMED;

        }

        if (mDataSource->readAt(offset, smpl->iv, ivlength) != ivlength) {

            return ERROR_IO;

        }



        offset += ivlength;

        size -= ivlength;



        bool readSubsamples;

        if (isSubsampleEncryption) {
@@ -5437,13 +5447,20 @@ status_t MPEG4Source::parseClearEncryptedSizes( 


        if (readSubsamples) {

            uint16_t numsubsamples;

            if(size < 2){

                return ERROR_MALFORMED;

            }

            if (!mDataSource->getUInt16(offset, &numsubsamples)) {

                return ERROR_IO;

            }

            offset += 2;

            size -= 2;

            for (size_t j = 0; j < numsubsamples; j++) {

                uint16_t numclear;

                uint32_t numencrypted;

                if(size < 6){

                    return ERROR_MALFORMED;

                }

                if (!mDataSource->getUInt16(offset, &numclear)) {

                    return ERROR_IO;

                }
@@ -5452,6 +5469,7 @@ status_t MPEG4Source::parseClearEncryptedSizes( 
                    return ERROR_IO;

                }

                offset += 4;

                size -= 6;

                smpl->clearsizes.add(numclear);

                smpl->encryptedsizes.add(numencrypted);

            }
@@ -5464,12 +5482,15 @@ status_t MPEG4Source::parseClearEncryptedSizes( 
    return OK;

}



status_t MPEG4Source::parseSampleEncryption(off64_t offset) {

status_t MPEG4Source::parseSampleEncryption(off64_t offset, off64_t chunk_data_size) {

    uint32_t flags;

    if(chunk_data_size < 4) {

        return ERROR_MALFORMED;

    }

    if (!mDataSource->getUInt32(offset, &flags)) { // actually version + flags

        return ERROR_MALFORMED;

    }

    return parseClearEncryptedSizes(offset + 4, true, flags);

    return parseClearEncryptedSizes(offset + 4, true, flags, chunk_data_size - 4);

}



status_t MPEG4Source::parseTrackFragmentHeader(off64_t offset, off64_t size) {