Extra sanity checks on sample size and resolution (e6f5d47a) · Commits · e / os / android_frameworks_av

media/libstagefright/MPEG4Extractor.cpp

+15 −3

Original line number	Original line	Diff line number	Diff line
	@@ -1379,15 +1379,27 @@ status_t MPEG4Extractor::parseChunk(off64_t *offset, int depth) {
	// each chunk originally prefixed with a 2 byte length will		// each chunk originally prefixed with a 2 byte length will
	// have a 4 byte header (0x00 0x00 0x00 0x01) after conversion,		// have a 4 byte header (0x00 0x00 0x00 0x01) after conversion,
	// and thus will grow by 2 bytes per chunk.		// and thus will grow by 2 bytes per chunk.
			if (max_size > SIZE_MAX - 10 * 2) {
			ALOGE("max sample size too big: %zu", max_size);
			return ERROR_MALFORMED;
			}
	mLastTrack->meta->setInt32(kKeyMaxInputSize, max_size + 10 * 2);		mLastTrack->meta->setInt32(kKeyMaxInputSize, max_size + 10 * 2);
	} else {		} else {
	// No size was specified. Pick a conservatively large size.		// No size was specified. Pick a conservatively large size.
	int32_t width, height;		uint32_t width, height;
	if (!mLastTrack->meta->findInt32(kKeyWidth, &width) \|\|		if (!mLastTrack->meta->findInt32(kKeyWidth, (int32_t*)&width) \|\|
	!mLastTrack->meta->findInt32(kKeyHeight, &height)) {		!mLastTrack->meta->findInt32(kKeyHeight,(int32_t*) &height)) {
	ALOGE("No width or height, assuming worst case 1080p");		ALOGE("No width or height, assuming worst case 1080p");
	width = 1920;		width = 1920;
	height = 1080;		height = 1080;
			} else {
			// A resolution was specified, check that it's not too big. The values below
			// were chosen so that the calculations below don't cause overflows, they're
			// not indicating that resolutions up to 32kx32k are actually supported.
			if (width > 32768 \|\| height > 32768) {
			ALOGE("can't support %u x %u video", width, height);
			return ERROR_MALFORMED;
			}
	}		}

	const char *mime;		const char *mime;