Skip to content

GitLab

Commit beef7e58 authored by Marco Nelissen's avatar Marco Nelissen
Browse files

Extra sanity checks on sample size and resolution 

Instead of rejecting the samples later when they don't fit in the
buffer, reject the entire file early.

Bug: 22882938
Change-Id: I748153b0e9e827e3f2526468756295b4b5000de6
parent 7406bc75
Hide whitespace changes
Inline Side-by-side
Showing with 15 additions and 3 deletions
media/libstagefright/MPEG4Extractor.cpp
View file @ beef7e58
......@@ -1487,15 +1487,27 @@ status_t MPEG4Extractor::parseChunk(off64_t *offset, int depth) {
// each chunk originally prefixed with a 2 byte length will
// have a 4 byte header (0x00 0x00 0x00 0x01) after conversion,
// and thus will grow by 2 bytes per chunk.
if (max_size > SIZE_MAX - 10 * 2) {
ALOGE("max sample size too big: %zu", max_size);
return ERROR_MALFORMED;
}
mLastTrack->meta->setInt32(kKeyMaxInputSize, max_size + 10 * 2);
} else {
// No size was specified. Pick a conservatively large size.
int32_t width, height;
if (!mLastTrack->meta->findInt32(kKeyWidth, &width) ||
!mLastTrack->meta->findInt32(kKeyHeight, &height)) {
uint32_t width, height;
if (!mLastTrack->meta->findInt32(kKeyWidth, (int32_t*)&width) ||
!mLastTrack->meta->findInt32(kKeyHeight,(int32_t*) &height)) {
ALOGE("No width or height, assuming worst case 1080p");
width = 1920;
height = 1080;
} else {
// A resolution was specified, check that it's not too big. The values below
// were chosen so that the calculations below don't cause overflows, they're
// not indicating that resolutions up to 32kx32k are actually supported.
if (width > 32768 || height > 32768) {
ALOGE("can't support %u x %u video", width, height);
return ERROR_MALFORMED;
}
}
const char *mime;
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment