Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 1f63c7ec authored Oct 25, 2010 by Y Mehta Committed by Steve Kondik Nov 18, 2010

libstagefright: Add check for corrupted header in mp4 file

- Playback of audio clip cuases ANR
-The infinite recursive call of parseChunk causes ANR.
-Return error when mNumSampleSizes is corrupted.

Change-Id: Ifd0c31b1adc98f8809ecff8022a484b7f649295c
CRs-Fixed: 258193

parent 0c6fcd90

media/libstagefright/MPEG4Extractor.cpp

+2 −0

Original line number	Diff line number	Diff line
		@@ -433,6 +433,8 @@ status_t MPEG4Extractor::parseChunk(off_t *offset, int depth) {
		return ERROR_IO;
		}
		chunk_size = ntoh64(chunk_size);
		if (chunk_size == 0)
		return ERROR_MALFORMED;
		data_offset += 8;
		}

media/libstagefright/SampleTable.cpp

+4 −3

Original line number	Diff line number	Diff line
		@@ -193,13 +193,14 @@ status_t SampleTable::setSampleSizeParams(
		if (type == kSampleSizeType32) {
		mSampleSizeFieldSize = 32;

		if ((data_size < 12 + mNumSampleSizes * 4) && ((mDefaultSampleSize & 0xFF000000) != 0) ) {
		return ERROR_MALFORMED;
		}

		if (mDefaultSampleSize != 0) {
		return OK;
		}

		if (data_size < 12 + mNumSampleSizes * 4) {
		return ERROR_MALFORMED;
		}
		} else {
		if ((mDefaultSampleSize & 0xffffff00) != 0) {
		// The high 24 bits are reserved and must be 0.