Skip to content
Permalink
Browse files

Extra sanity checks on sample size and resolution

Instead of rejecting the samples later when they don't fit in the
buffer, reject the entire file early.

Bug: 22882938
Change-Id: I748153b0e9e827e3f2526468756295b4b5000de6
(cherry picked from commit beef7e5)
  • Loading branch information...
marcone authored and andi34 committed Aug 4, 2015
1 parent 3b7cb64 commit 59aed18ec46da339632f5b5f5a68279cecbbd4f7
Showing with 15 additions and 3 deletions.
  1. +15 −3 media/libstagefright/MPEG4Extractor.cpp
@@ -1383,15 +1383,27 @@ status_t MPEG4Extractor::parseChunk(off64_t *offset, int depth) {
// each chunk originally prefixed with a 2 byte length will
// have a 4 byte header (0x00 0x00 0x00 0x01) after conversion,
// and thus will grow by 2 bytes per chunk.
if (max_size > SIZE_MAX - 10 * 2) {
ALOGE("max sample size too big: %zu", max_size);
return ERROR_MALFORMED;
}
mLastTrack->meta->setInt32(kKeyMaxInputSize, max_size + 10 * 2);
} else {
// No size was specified. Pick a conservatively large size.
int32_t width, height;
if (!mLastTrack->meta->findInt32(kKeyWidth, &width) ||
!mLastTrack->meta->findInt32(kKeyHeight, &height)) {
uint32_t width, height;
if (!mLastTrack->meta->findInt32(kKeyWidth, (int32_t*)&width) ||
!mLastTrack->meta->findInt32(kKeyHeight,(int32_t*) &height)) {
ALOGE("No width or height, assuming worst case 1080p");
width = 1920;
height = 1080;
} else {
// A resolution was specified, check that it's not too big. The values below
// were chosen so that the calculations below don't cause overflows, they're
// not indicating that resolutions up to 32kx32k are actually supported.
if (width > 32768 || height > 32768) {
ALOGE("can't support %u x %u video", width, height);
return ERROR_MALFORMED;
}
}

const char *mime;

0 comments on commit 59aed18

Please sign in to comment.
You can’t perform that action at this time.