Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit f1aaf950 authored by Sohail Nagaraj's avatar Sohail Nagaraj
Browse files

MPEG4Writer: Fix unsigned integer overflow 

When the timestampUs is negative and firstSampleStartOffsetUs is 0
then we convert it into a positive number which causes an overflow
if the timestamp is equal to INT_MIN.

Test: ./ndk_mediamuxer_fuzzer

Bug: 336685906
Bug: 346056654

Change-Id: I93060a8c3ec31e4309d3b49e528eeda8c7fc88d2
parent b1252561

media/libstagefright/MPEG4Writer.cpp

+6 −0
Original line number Diff line number Diff line
@@ -3776,6 +3776,12 @@ status_t MPEG4Writer::Track::threadEntry() { 
            if (mStszTableEntries->count() == 0) {

                mFirstSampleTimeRealUs = systemTime() / 1000;

                if (timestampUs < 0 && mFirstSampleStartOffsetUs == 0) {

                    if (WARN_UNLESS(timestampUs != INT64_MIN, "for %s track", trackName)) {

                        copy->release();

                        mSource->stop();

                        mIsMalformed = true;

                        break;

                    }

                    mFirstSampleStartOffsetUs = -timestampUs;

                    timestampUs = 0;

                }