Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit fbe3bcc8 authored by Venkatarama Avadhani's avatar Venkatarama Avadhani
Browse files

Add Timestamp Validation in MPEG4Writer 

Validate the timestamps of the input buffers to prevent overflow and
underflow errors.

Test: mpeg4_writer_fuzzer
Test: atest android.media.muxer.cts.MediaMuxerTest
Test: atest CtsMediaV2TestCases:MuxerUnitTest
Bug: 182649641

Change-Id: I00539d92dfe860e7abb79d96dbf3ee70c9762ee5
parent dbff6b4c

media/libstagefright/MPEG4Writer.cpp

+37 −0
Original line number Diff line number Diff line
@@ -172,6 +172,7 @@ public: 
    const char *getTrackType() const;

    void resetInternal();

    int64_t trackMetaDataSize();

    bool isTimestampValid(int64_t timeUs);



private:

    // A helper class to handle faster write box with table entries
@@ -2430,6 +2431,42 @@ status_t MPEG4Writer::setNextFd(int fd) { 
    return OK;

}



bool MPEG4Writer::isSampleMetadataValid(size_t trackIndex, int64_t timeUs) {

    // Track Index starts from zero, so it should be at least 1 less than size.

    if (trackIndex >= mTracks.size()) {

        ALOGE("Incorrect trackIndex %zu, mTracks->size() %zu", trackIndex, mTracks.size());

        return false;

    }



    List<Track *>::iterator it = mTracks.begin();



    // (*it) is already pointing to trackIndex 0.

    for (int i = 1; i <= trackIndex; i++) {

        it++;

    }



    return (*it)->isTimestampValid(timeUs);

}



bool MPEG4Writer::Track::isTimestampValid(int64_t timeUs) {

    // No timescale if HEIF

    if (mIsHeif) {

        return true;

    }



    // Ensure that the timeUs value does not have extremely low or high values

    // that would cause an underflow or overflow, like in the calculation -

    // mdhdDuration = (trakDurationUs * mTimeScale + 5E5) / 1E6

    if (abs(timeUs) >= (INT64_MAX - 5E5) / mTimeScale) {

        return false;

    }

    // Limit check for calculations in ctts box

    if (abs(timeUs) + kMaxCttsOffsetTimeUs >= INT64_MAX / mTimeScale) {

        return false;

    }

    return true;

}



bool MPEG4Writer::Track::isExifData(

        MediaBufferBase *buffer, uint32_t *tiffHdrOffset) const {

    if (!mIsHeif) {

media/libstagefright/include/media/stagefright/MPEG4Writer.h

+3 −0
Original line number Diff line number Diff line
@@ -77,6 +77,9 @@ public: 
    virtual void setStartTimeOffsetMs(int ms) { mStartTimeOffsetMs = ms; }

    virtual int32_t getStartTimeOffsetMs() const { return mStartTimeOffsetMs; }

    virtual status_t setNextFd(int fd);

    // Returns true if the timestamp is valid which is compatible with the Mpeg4.

    // Note that this overloads that method in the base class.

    bool isSampleMetadataValid(size_t trackIndex, int64_t timeUs) override;



protected:

    virtual ~MPEG4Writer();