Skip to content
Permalink
Browse files

Check integer overflow to prevent memory corruption

bug: 23016072
Change-Id: If3c9a835408773847c0024a812bd8b4915ebd680
(cherry picked from commit fa8ebb4)
  • Loading branch information...
jefftinker authored and andi34 committed Aug 11, 2015
1 parent afcaff4 commit fa16aa6c3bf2423b5f4b07a731ef6bd5ffbf19c7
Showing with 2 additions and 1 deletion.
  1. +2 −1 media/libstagefright/DRMExtractor.cpp
@@ -186,7 +186,8 @@ status_t DRMSource::read(MediaBuffer **buffer, const ReadOptions *options) {

srcOffset += mNALLengthSize;

if (srcOffset + nalLength > len) {
size_t end = srcOffset + nalLength;
if (end > len || end < srcOffset) {
if (decryptedDrmBuffer.data) {
delete [] decryptedDrmBuffer.data;
decryptedDrmBuffer.data = NULL;

0 comments on commit fa16aa6

Please sign in to comment.
You can’t perform that action at this time.