Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit d2243cf3 authored by Marco Nelissen's avatar Marco Nelissen Committed by Android (Google) Code Review
Browse files

Merge "Avoid reading at negative offsets"

parents 91fe7893 d91c921c
Loading
Loading
Loading
Loading
+14 −2
Original line number Diff line number Diff line
@@ -6679,6 +6679,12 @@ static bool BetterSniffMPEG4(DataSourceHelper *source, float *confidence) {
                // The smallest valid chunk is 16 bytes long in this case.
                return false;
            }
            if (chunkSize > INT64_MAX) {
                // reject overly large chunk sizes that could
                // be interpreted as negative
                ALOGE("chunk size too large");
                return false;
            }

        } else if (chunkSize < 8) {
            // The smallest valid chunk is 8 bytes long.
@@ -6734,7 +6740,10 @@ static bool BetterSniffMPEG4(DataSourceHelper *source, float *confidence) {

            case FOURCC("moov"):
            {
                moovAtomEndOffset = offset + chunkSize;
                if (__builtin_add_overflow(offset, chunkSize, &moovAtomEndOffset)) {
                    ALOGE("chunk size + offset would overflow");
                    return false;
                }

                done = true;
                break;
@@ -6744,7 +6753,10 @@ static bool BetterSniffMPEG4(DataSourceHelper *source, float *confidence) {
                break;
        }

        offset += chunkSize;
        if (__builtin_add_overflow(offset, chunkSize, &offset)) {
            ALOGE("chunk size + offset would overflow");
            return false;
        }
    }

    if (!foundGoodFileType) {
+3 −0
Original line number Diff line number Diff line
@@ -107,6 +107,9 @@ ssize_t FileSource::readAt(off64_t offset, void *data, size_t size) {

    Mutex::Autolock autoLock(mLock);
    if (mLength >= 0) {
        if (offset < 0) {
            return UNKNOWN_ERROR;
        }
        if (offset >= mLength) {
            return 0;  // read beyond EOF.
        }