
Commit e0dcf097 authored by Ray Essick

Validate lengths in HEVC metadata parsing

Add code to validate the size parameter passed to
HevcParameterSets::addNalUnit(). Previously vulnerable
to decrementing an unsigned past 0, yielding a huge result value.

Bug: 35467107
Test: ran POC, no crash, emitted new "bad length" log entry
Change-Id: Ia169b9edc1e0f7c5302e3c68aa90a54e8863d79e
parent 437d60bf
+16 −0
@@ -45,16 +45,32 @@ HevcParameterSets::HevcParameterSets()
}

status_t HevcParameterSets::addNalUnit(const uint8_t* data, size_t size) {
    if (size < 1) {
        ALOGE("empty NAL b/35467107");
        return ERROR_MALFORMED;
    }
    uint8_t nalUnitType = (data[0] >> 1) & 0x3f;
    status_t err = OK;
    switch (nalUnitType) {
        case 32:  // VPS
            if (size < 2) {
                ALOGE("invalid NAL/VPS size b/35467107");
                return ERROR_MALFORMED;
            }
            err = parseVps(data + 2, size - 2);
            break;
        case 33:  // SPS
            if (size < 2) {
                ALOGE("invalid NAL/SPS size b/35467107");
                return ERROR_MALFORMED;
            }
            err = parseSps(data + 2, size - 2);
            break;
        case 34:  // PPS
            if (size < 2) {
                ALOGE("invalid NAL/PPS size b/35467107");
                return ERROR_MALFORMED;
            }
            err = parsePps(data + 2, size - 2);
            break;
        case 39:  // Prefix SEI
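Review bot: The size < 2 guards in the VPS, SPS and PPS cases still admit size == 2, so parseVps(), parseSps() and parsePps() are each called with a length of 0 and a pointer one past the two header bytes. Nothing in this hunk shows that those parsers tolerate an empty payload, so either confirm that they bound their own reads against the length they receive, or reject size <= 2 here. The three guards are also identical apart from the log text; a single check placed before the switch would be easier to keep consistent, provided that rejecting a one-byte NAL is also correct for the NAL types handled from case 39 onward, which this hunk cuts off. The new checks cover size but data is dereferenced at data[0] without a null check; if any caller can pass a null pointer with a nonzero size, that case should return ERROR_MALFORMED as well.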