Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit bea48ae9 authored by TreeHugger Robot's avatar TreeHugger Robot Committed by Android (Google) Code Review
Browse files

Merge "Fix memory overflow in ESQueue"

parents 923f6531 69ae2db5
Loading
Loading
Loading
Loading
+7 −1
Original line number Diff line number Diff line
@@ -1430,7 +1430,13 @@ sp<ABuffer> ElementaryStreamQueue::dequeueAccessUnitH264() {
                if (mSampleDecryptor != NULL && (nalType == 1 || nalType == 5)) {
                    uint8_t *nalData = mBuffer->data() + pos.nalOffset;
                    size_t newSize = mSampleDecryptor->processNal(nalData, pos.nalSize);
                    // Note: the data can shrink due to unescaping
                    // Note: the data can shrink due to unescaping, but it can never grow
                    if (newSize > pos.nalSize) {
                        // don't log unless verbose, since this can get called a lot if
                        // the caller is trying to resynchronize
                        ALOGV("expected sample size < %u, got %zu", pos.nalSize, newSize);
                        return NULL;
                    }
                    memcpy(accessUnit->data() + dstOffset + 4,
                            nalData,
                            newSize);