Loading media/libstagefright/SampleTable.cpp +14 −0 Original line number Original line Diff line number Diff line Loading @@ -330,6 +330,10 @@ status_t SampleTable::setTimeToSampleParams( } } mTimeToSampleCount = U32_AT(&header[4]); mTimeToSampleCount = U32_AT(&header[4]); uint64_t allocSize = mTimeToSampleCount * 2 * sizeof(uint32_t); if (allocSize > SIZE_MAX) { return ERROR_OUT_OF_RANGE; } mTimeToSample = new uint32_t[mTimeToSampleCount * 2]; mTimeToSample = new uint32_t[mTimeToSampleCount * 2]; size_t size = sizeof(uint32_t) * mTimeToSampleCount * 2; size_t size = sizeof(uint32_t) * mTimeToSampleCount * 2; Loading Loading @@ -372,6 +376,11 @@ status_t SampleTable::setCompositionTimeToSampleParams( } } mNumCompositionTimeDeltaEntries = numEntries; mNumCompositionTimeDeltaEntries = numEntries; uint64_t allocSize = numEntries * 2 * sizeof(uint32_t); if (allocSize > SIZE_MAX) { return ERROR_OUT_OF_RANGE; } mCompositionTimeDeltaEntries = new uint32_t[2 * numEntries]; mCompositionTimeDeltaEntries = new uint32_t[2 * numEntries]; if (mDataSource->readAt( if (mDataSource->readAt( Loading Loading @@ -417,6 +426,11 @@ status_t SampleTable::setSyncSampleParams(off64_t data_offset, size_t data_size) ALOGV("Table of sync samples is empty or has only a single entry!"); ALOGV("Table of sync samples is empty or has only a single entry!"); } } uint64_t allocSize = mNumSyncSamples * sizeof(uint32_t); if (allocSize > SIZE_MAX) { return ERROR_OUT_OF_RANGE; } mSyncSamples = new uint32_t[mNumSyncSamples]; mSyncSamples = new uint32_t[mNumSyncSamples]; size_t size = mNumSyncSamples * sizeof(uint32_t); size_t size = mNumSyncSamples * sizeof(uint32_t); if (mDataSource->readAt(mSyncSampleOffset + 8, mSyncSamples, size) if (mDataSource->readAt(mSyncSampleOffset + 8, mSyncSamples, size) Loading Loading
media/libstagefright/SampleTable.cpp +14 −0 Original line number Original line Diff line number Diff line Loading @@ -330,6 +330,10 @@ status_t SampleTable::setTimeToSampleParams( } } mTimeToSampleCount = U32_AT(&header[4]); mTimeToSampleCount = U32_AT(&header[4]); uint64_t allocSize = mTimeToSampleCount * 2 * sizeof(uint32_t); if (allocSize > SIZE_MAX) { return ERROR_OUT_OF_RANGE; } mTimeToSample = new uint32_t[mTimeToSampleCount * 2]; mTimeToSample = new uint32_t[mTimeToSampleCount * 2]; size_t size = sizeof(uint32_t) * mTimeToSampleCount * 2; size_t size = sizeof(uint32_t) * mTimeToSampleCount * 2; Loading Loading @@ -372,6 +376,11 @@ status_t SampleTable::setCompositionTimeToSampleParams( } } mNumCompositionTimeDeltaEntries = numEntries; mNumCompositionTimeDeltaEntries = numEntries; uint64_t allocSize = numEntries * 2 * sizeof(uint32_t); if (allocSize > SIZE_MAX) { return ERROR_OUT_OF_RANGE; } mCompositionTimeDeltaEntries = new uint32_t[2 * numEntries]; mCompositionTimeDeltaEntries = new uint32_t[2 * numEntries]; if (mDataSource->readAt( if (mDataSource->readAt( Loading Loading @@ -417,6 +426,11 @@ status_t SampleTable::setSyncSampleParams(off64_t data_offset, size_t data_size) ALOGV("Table of sync samples is empty or has only a single entry!"); ALOGV("Table of sync samples is empty or has only a single entry!"); } } uint64_t allocSize = mNumSyncSamples * sizeof(uint32_t); if (allocSize > SIZE_MAX) { return ERROR_OUT_OF_RANGE; } mSyncSamples = new uint32_t[mNumSyncSamples]; mSyncSamples = new uint32_t[mNumSyncSamples]; size_t size = mNumSyncSamples * sizeof(uint32_t); size_t size = mNumSyncSamples * sizeof(uint32_t); if (mDataSource->readAt(mSyncSampleOffset + 8, mSyncSamples, size) if (mDataSource->readAt(mSyncSampleOffset + 8, mSyncSamples, size) Loading
