Loading media/extractors/mp4/MPEG4Extractor.cpp +18 −2 Original line number Diff line number Diff line Loading @@ -4972,8 +4972,11 @@ status_t MPEG4Source::parseChunk(off64_t *offset) { } status_t MPEG4Source::parseSampleAuxiliaryInformationSizes( off64_t offset, off64_t /* size */) { off64_t offset, off64_t size) { ALOGV("parseSampleAuxiliaryInformationSizes"); if (size < 9) { return -EINVAL; } // 14496-12 8.7.12 uint8_t version; if (mDataSource->readAt( Loading @@ -4986,25 +4989,32 @@ status_t MPEG4Source::parseSampleAuxiliaryInformationSizes( return ERROR_UNSUPPORTED; } offset++; size--; uint32_t flags; if (!mDataSource->getUInt24(offset, &flags)) { return ERROR_IO; } offset += 3; size -= 3; if (flags & 1) { if (size < 13) { return -EINVAL; } uint32_t tmp; if (!mDataSource->getUInt32(offset, &tmp)) { return ERROR_MALFORMED; } mCurrentAuxInfoType = tmp; offset += 4; size -= 4; if (!mDataSource->getUInt32(offset, &tmp)) { return ERROR_MALFORMED; } mCurrentAuxInfoTypeParameter = tmp; offset += 4; size -= 4; } uint8_t defsize; Loading @@ -5013,6 +5023,7 @@ status_t MPEG4Source::parseSampleAuxiliaryInformationSizes( } mCurrentDefaultSampleInfoSize = defsize; offset++; size--; uint32_t smplcnt; if (!mDataSource->getUInt32(offset, &smplcnt)) { Loading @@ -5020,7 +5031,12 @@ status_t MPEG4Source::parseSampleAuxiliaryInformationSizes( } mCurrentSampleInfoCount = smplcnt; offset += 4; size -= 4; if(smplcnt > size) { ALOGW("b/124525515 - smplcnt(%u) > size(%ld)", (unsigned int)smplcnt, (unsigned long)size); android_errorWriteLog(0x534e4554, "124525515"); return -EINVAL; } if (mCurrentDefaultSampleInfoSize != 0) { ALOGV("@@@@ using default sample info size of %d", mCurrentDefaultSampleInfoSize); return OK; Loading Loading
media/extractors/mp4/MPEG4Extractor.cpp +18 −2 Original line number Diff line number Diff line Loading @@ -4972,8 +4972,11 @@ status_t MPEG4Source::parseChunk(off64_t *offset) { } status_t MPEG4Source::parseSampleAuxiliaryInformationSizes( off64_t offset, off64_t /* size */) { off64_t offset, off64_t size) { ALOGV("parseSampleAuxiliaryInformationSizes"); if (size < 9) { return -EINVAL; } // 14496-12 8.7.12 uint8_t version; if (mDataSource->readAt( Loading @@ -4986,25 +4989,32 @@ status_t MPEG4Source::parseSampleAuxiliaryInformationSizes( return ERROR_UNSUPPORTED; } offset++; size--; uint32_t flags; if (!mDataSource->getUInt24(offset, &flags)) { return ERROR_IO; } offset += 3; size -= 3; if (flags & 1) { if (size < 13) { return -EINVAL; } uint32_t tmp; if (!mDataSource->getUInt32(offset, &tmp)) { return ERROR_MALFORMED; } mCurrentAuxInfoType = tmp; offset += 4; size -= 4; if (!mDataSource->getUInt32(offset, &tmp)) { return ERROR_MALFORMED; } mCurrentAuxInfoTypeParameter = tmp; offset += 4; size -= 4; } uint8_t defsize; Loading @@ -5013,6 +5023,7 @@ status_t MPEG4Source::parseSampleAuxiliaryInformationSizes( } mCurrentDefaultSampleInfoSize = defsize; offset++; size--; uint32_t smplcnt; if (!mDataSource->getUInt32(offset, &smplcnt)) { Loading @@ -5020,7 +5031,12 @@ status_t MPEG4Source::parseSampleAuxiliaryInformationSizes( } mCurrentSampleInfoCount = smplcnt; offset += 4; size -= 4; if(smplcnt > size) { ALOGW("b/124525515 - smplcnt(%u) > size(%ld)", (unsigned int)smplcnt, (unsigned long)size); android_errorWriteLog(0x534e4554, "124525515"); return -EINVAL; } if (mCurrentDefaultSampleInfoSize != 0) { ALOGV("@@@@ using default sample info size of %d", mCurrentDefaultSampleInfoSize); return OK; Loading
