Merge "DO NOT MERGE - MPEG4Extractor: Check mLastTrack before dereferencing." into klp-dev

8caef852 · Pawin Vongmasa · Android (Google) Code Review · afb20c31 · de84a76b · 8caef852
Commit 8caef852 authored 8 years ago by Pawin Vongmasa Committed by Android (Google) Code Review 8 years ago
Hide whitespace changes
Inline Side-by-side

Showing with 63 additions and 0 deletions

media/libstagefright/MPEG4Extractor.cpp media/libstagefright/MPEG4Extractor.cpp +63 -0

No files found.
--- a/media/libstagefright/MPEG4Extractor.cpp
+++ b/media/libstagefright/MPEG4Extractor.cpp
@@ -861,6 +861,9 @@ status_t MPEG4Extractor::parseChunk(off64_t *offset, int depth) {
                    }
                }

+                if (mLastTrack == NULL) {
+                    return ERROR_MALFORMED;
+                }
                mLastTrack->sampleTable = new SampleTable(mDataSource);
            }

@@ -957,6 +960,9 @@ status_t MPEG4Extractor::parseChunk(off64_t *offset, int depth) {
            } else if (mHeaderTimescale == 0) {
                ALOGW("ignoring edit list because timescale is 0");
            } else {
+                if (mLastTrack == NULL) {
+                    return ERROR_MALFORMED;
+                }
                off64_t entriesoffset = data_offset + 8;
                uint64_t segment_duration;
                int64_t media_time;
@@ -1008,6 +1014,9 @@ status_t MPEG4Extractor::parseChunk(off64_t *offset, int depth) {

        case FOURCC('f', 'r', 'm', 'a'):
        {
+            if (mLastTrack == NULL) {
+                return ERROR_MALFORMED;
+            }
            uint32_t original_fourcc;
            if (mDataSource->readAt(data_offset, &original_fourcc, 4) < 4) {
                return ERROR_IO;
@@ -1027,6 +1036,9 @@ status_t MPEG4Extractor::parseChunk(off64_t *offset, int depth) {

        case FOURCC('t', 'e', 'n', 'c'):
        {
+            if (mLastTrack == NULL) {
+                return ERROR_MALFORMED;
+            }
            if (chunk_size < 32) {
                return ERROR_MALFORMED;
            }
@@ -1077,6 +1089,9 @@ status_t MPEG4Extractor::parseChunk(off64_t *offset, int depth) {

        case FOURCC('t', 'k', 'h', 'd'):
        {
+            if (mLastTrack == NULL) {
+                return ERROR_MALFORMED;
+            }
            status_t err;
            if ((err = parseTrackHeader(data_offset, chunk_data_size)) != OK) {
                return err;
@@ -1122,6 +1137,9 @@ status_t MPEG4Extractor::parseChunk(off64_t *offset, int depth) {

        case FOURCC('m', 'd', 'h', 'd'):
        {
+            if (mLastTrack == NULL) {
+                return ERROR_MALFORMED;
+            }
            if (chunk_data_size < 4) {
                return ERROR_MALFORMED;
            }
@@ -1230,6 +1248,9 @@ status_t MPEG4Extractor::parseChunk(off64_t *offset, int depth) {
            uint32_t entry_count = U32_AT(&buffer[4]);

            if (entry_count > 1) {
+                if (mLastTrack == NULL) {
+                    return ERROR_MALFORMED;
+                }
                // For 3GPP timed text, there could be multiple tx3g boxes contain
                // multiple text display formats. These formats will be used to
                // display the timed text.
@@ -1264,6 +1285,9 @@ status_t MPEG4Extractor::parseChunk(off64_t *offset, int depth) {
        case FOURCC('s', 'a', 'm', 'r'):
        case FOURCC('s', 'a', 'w', 'b'):
        {
+            if (mLastTrack == NULL) {
+                return ERROR_MALFORMED;
+            }
            uint8_t buffer[8 + 20];
            if (chunk_data_size < (ssize_t)sizeof(buffer)) {
                // Basic AudioSampleEntry size.
@@ -1313,6 +1337,9 @@ status_t MPEG4Extractor::parseChunk(off64_t *offset, int depth) {
        case FOURCC('h', '2', '6', '3'):
        case FOURCC('a', 'v', 'c', '1'):
        {
+            if (mLastTrack == NULL) {
+                return ERROR_MALFORMED;
+            }
            mHasVideo = true;

            uint8_t buffer[78];
@@ -1365,6 +1392,9 @@ status_t MPEG4Extractor::parseChunk(off64_t *offset, int depth) {
        case FOURCC('s', 't', 'c', 'o'):
        case FOURCC('c', 'o', '6', '4'):
        {
+            if (mLastTrack == NULL) {
+                return ERROR_MALFORMED;
+            }
            status_t err =
                mLastTrack->sampleTable->setChunkOffsetParams(
                        chunk_type, data_offset, chunk_data_size);
@@ -1379,6 +1409,9 @@ status_t MPEG4Extractor::parseChunk(off64_t *offset, int depth) {

        case FOURCC('s', 't', 's', 'c'):
        {
+            if (mLastTrack == NULL) {
+                return ERROR_MALFORMED;
+            }
            status_t err =
                mLastTrack->sampleTable->setSampleToChunkParams(
                        data_offset, chunk_data_size);
@@ -1394,6 +1427,9 @@ status_t MPEG4Extractor::parseChunk(off64_t *offset, int depth) {
        case FOURCC('s', 't', 's', 'z'):
        case FOURCC('s', 't', 'z', '2'):
        {
+            if (mLastTrack == NULL) {
+                return ERROR_MALFORMED;
+            }
            status_t err =
                mLastTrack->sampleTable->setSampleSizeParams(
                        chunk_type, data_offset, chunk_data_size);
@@ -1474,6 +1510,9 @@ status_t MPEG4Extractor::parseChunk(off64_t *offset, int depth) {

        case FOURCC('s', 't', 't', 's'):
        {
+            if (mLastTrack == NULL) {
+                return ERROR_MALFORMED;
+            }
            status_t err =
                mLastTrack->sampleTable->setTimeToSampleParams(
                        data_offset, chunk_data_size);
@@ -1488,6 +1527,9 @@ status_t MPEG4Extractor::parseChunk(off64_t *offset, int depth) {

        case FOURCC('c', 't', 't', 's'):
        {
+            if (mLastTrack == NULL) {
+                return ERROR_MALFORMED;
+            }
            status_t err =
                mLastTrack->sampleTable->setCompositionTimeToSampleParams(
                        data_offset, chunk_data_size);
@@ -1502,6 +1544,9 @@ status_t MPEG4Extractor::parseChunk(off64_t *offset, int depth) {

        case FOURCC('s', 't', 's', 's'):
        {
+            if (mLastTrack == NULL) {
+                return ERROR_MALFORMED;
+            }
            status_t err =
                mLastTrack->sampleTable->setSyncSampleParams(
                        data_offset, chunk_data_size);
@@ -1551,6 +1596,9 @@ status_t MPEG4Extractor::parseChunk(off64_t *offset, int depth) {

        case FOURCC('e', 's', 'd', 's'):
        {
+            if (mLastTrack == NULL) {
+                return ERROR_MALFORMED;
+            }
            if (chunk_data_size < 4) {
                return ERROR_MALFORMED;
            }
@@ -1594,6 +1642,9 @@ status_t MPEG4Extractor::parseChunk(off64_t *offset, int depth) {

        case FOURCC('a', 'v', 'c', 'C'):
        {
+            if (mLastTrack == NULL) {
+                return ERROR_MALFORMED;
+            }
            sp<ABuffer> buffer = new ABuffer(chunk_data_size);

            if (buffer->data() == NULL) {
@@ -1615,6 +1666,9 @@ status_t MPEG4Extractor::parseChunk(off64_t *offset, int depth) {

        case FOURCC('d', '2', '6', '3'):
        {
+            if (mLastTrack == NULL) {
+                return ERROR_MALFORMED;
+            }
            /*
             * d263 contains a fixed 7 bytes part:
             *   vendor - 4 bytes
@@ -1770,6 +1824,9 @@ status_t MPEG4Extractor::parseChunk(off64_t *offset, int depth) {

        case FOURCC('t', 'x', '3', 'g'):
        {
+            if (mLastTrack == NULL) {
+                return ERROR_MALFORMED;
+            }
            uint32_t type;
            const void *data;
            size_t size = 0;
@@ -1850,6 +1907,9 @@ status_t MPEG4Extractor::parseChunk(off64_t *offset, int depth) {

        case FOURCC('s', 'i', 'd', 'x'):
        {
+            if (mLastTrack == NULL) {
+                return ERROR_MALFORMED;
+            }
            parseSegmentIndex(data_offset, chunk_data_size);
            *offset += chunk_size;
            return UNKNOWN_ERROR; // stop parsing after sidx
@@ -2212,6 +2272,9 @@ status_t MPEG4Extractor::parseMetaData(off64_t offset, size_t size) {
                    int32_t delay, padding;
                    if (sscanf(mLastCommentData,
                               " %*x %x %x %*x", &delay, &padding) == 2) {
+                        if (mLastTrack == NULL) {
+                            return ERROR_MALFORMED;
+                        }
                        mLastTrack->meta->setInt32(kKeyEncoderDelay, delay);
                        mLastTrack->meta->setInt32(kKeyEncoderPadding, padding);
                    }