Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit fcd1022c authored by Marco Nelissen's avatar Marco Nelissen
Browse files

Fix potential overflow 

Check width and height are not negative, to avoid overflow after
casting to uint64_t.

Bug: 129405342
Test: manual
Change-Id: Ic540879a59cd69a29a1c4dce88ea38316792586c
parent 5635b7d1

media/libstagefright/MediaCodec.cpp

+3 −2
Original line number Diff line number Diff line
@@ -1052,8 +1052,9 @@ status_t MediaCodec::configure( 
        }



        // Prevent possible integer overflow in downstream code.

        if ((uint64_t)mVideoWidth * mVideoHeight > (uint64_t)INT32_MAX / 4) {

            ALOGE("buffer size is too big, width=%d, height=%d", mVideoWidth, mVideoHeight);

        if (mVideoWidth < 0 || mVideoHeight < 0 ||

               (uint64_t)mVideoWidth * mVideoHeight > (uint64_t)INT32_MAX / 4) {

            ALOGE("Invalid size(s), width=%d, height=%d", mVideoWidth, mVideoHeight);

            return BAD_VALUE;

        }

    }