3434
3535#include " SoftAVCEncoder.h"
3636
37+ #ifndef INT32_MAX
38+ #define INT32_MAX 2147483647
39+ #endif
40+
3741namespace android {
3842
3943template <class T >
@@ -257,6 +261,10 @@ OMX_ERRORTYPE SoftAVCEncoder::initEncParams() {
257261 if (mVideoColorFormat == OMX_COLOR_FormatYUV420SemiPlanar) {
258262 // Color conversion is needed.
259263 CHECK (mInputFrameData == NULL );
264+ if (((uint64_t )mVideoWidth * mVideoHeight ) > ((uint64_t )INT32_MAX / 3 )) {
265+ ALOGE (" Buffer size is too big."
266+ return OMX_ErrorUndefined;
267+ }
260268 mInputFrameData =
261269 (uint8_t *) malloc ((mVideoWidth * mVideoHeight * 3 ) >> 1 );
262270 CHECK (mInputFrameData != NULL );
@@ -278,6 +286,10 @@ OMX_ERRORTYPE SoftAVCEncoder::initEncParams() {
278286 int32_t nMacroBlocks = ((((mVideoWidth + 15 ) >> 4 ) << 4 ) *
279287 (((mVideoHeight + 15 ) >> 4 ) << 4 )) >> 8 ;
280288 CHECK (mSliceGroup == NULL );
289+ if ((size_t )nMacroBlocks > SIZE_MAX / sizeof (uint32_t )) {
290+ ALOGE (" requested memory size is too big."
291+ return OMX_ErrorUndefined;
292+ }
281293 mSliceGroup = (uint32_t *) malloc (sizeof (uint32_t ) * nMacroBlocks);
282294 CHECK (mSliceGroup != NULL );
283295 for (int ii = 0 , idx = 0 ; ii < nMacroBlocks; ++ii) {
@@ -698,6 +710,10 @@ OMX_ERRORTYPE SoftAVCEncoder::internalSetParameter(
698710 if (mStoreMetaDataInBuffers ) {
699711 mVideoColorFormat == OMX_COLOR_FormatYUV420SemiPlanar;
700712 if (mInputFrameData == NULL ) {
713+ if (((uint64_t )mVideoWidth * mVideoHeight ) > ((uint64_t )INT32_MAX / 3 )) {
714+ ALOGE (" Buffer size is too big."
715+ return OMX_ErrorUndefined;
716+ }
701717 mInputFrameData =
702718 (uint8_t *) malloc ((mVideoWidth * mVideoHeight * 3 ) >> 1 );
703719 }
0 commit comments