Fix potential overflow in WAV extractor (bab26695) · Commits · e / os / android_frameworks_av

media/libstagefright/WAVExtractor.cpp

+9 −9

Original line number	Diff line number	Diff line
		@@ -61,7 +61,7 @@ struct WAVSource : public MediaSource {
		const sp<DataSource> &dataSource,
		const sp<MetaData> &meta,
		uint16_t waveFormat,
		int32_t bitsPerSample,
		uint32_t bitsPerSample,
		off64_t offset, size_t size);

		virtual status_t start(MetaData *params = NULL);
		@@ -82,9 +82,9 @@ private:
		sp<DataSource> mDataSource;
		sp<MetaData> mMeta;
		uint16_t mWaveFormat;
		int32_t mSampleRate;
		int32_t mNumChannels;
		int32_t mBitsPerSample;
		uint32_t mSampleRate;
		uint32_t mNumChannels;
		uint32_t mBitsPerSample;
		off64_t mOffset;
		size_t mSize;
		bool mStarted;
		@@ -357,7 +357,7 @@ WAVSource::WAVSource(
		const sp<DataSource> &dataSource,
		const sp<MetaData> &meta,
		uint16_t waveFormat,
		int32_t bitsPerSample,
		uint32_t bitsPerSample,
		off64_t offset, size_t size)
		: mDataSource(dataSource),
		mMeta(meta),
		@@ -369,8 +369,8 @@ WAVSource::WAVSource(
		mSize(size),
		mStarted(false),
		mGroup(NULL) {
		CHECK(mMeta->findInt32(kKeySampleRate, &mSampleRate));
		CHECK(mMeta->findInt32(kKeyChannelCount, &mNumChannels));
		CHECK(mMeta->findInt32(kKeySampleRate, (int32_t*) &mSampleRate));
		CHECK(mMeta->findInt32(kKeyChannelCount, (int32_t*) &mNumChannels));

		mMeta->setInt32(kKeyMaxInputSize, kMaxFrameSize);
		}
		@@ -461,8 +461,8 @@ status_t WAVSource::read(
		ALOGV("%s mBitsPerSample %d, kMaxFrameSize %zu, ",
		__func__, mBitsPerSample, kMaxFrameSize);

		size_t maxBytesAvailable =
		(mCurrentPos - mOffset >= (off64_t)mSize)
		const size_t maxBytesAvailable =
		(mCurrentPos < mOffset \|\| mCurrentPos - mOffset >= (off64_t)mSize)
		? 0 : mSize - (mCurrentPos - mOffset);

		if (maxBytesToRead > maxBytesAvailable) {