From 909255a9cf425534e4a8b582a320686852dc59dc Mon Sep 17 00:00:00 2001 From: Andreas Huber Date: Thu, 14 Jan 2010 14:13:15 -0800 Subject: [PATCH] Squashed commit of the following: commit 0014ab17f2e0986044327a5ab22159de50b81e0a Author: Andreas Huber Date: Thu Jan 14 14:05:09 2010 -0800 Another instance of returning an error instead of asserting makes sense. commit d2cac8c498a65b449a25ec216601830d23c165e7 Author: Andreas Huber Date: Thu Jan 14 13:34:33 2010 -0800 Instead of asserting on invalid data (incomplete NAL unit), return an error. --- media/libstagefright/MPEG4Extractor.cpp | 17 +++++++++++++++-- 1 file changed, 15 insertions(+), 2 deletions(-) diff --git a/media/libstagefright/MPEG4Extractor.cpp b/media/libstagefright/MPEG4Extractor.cpp index 9e7f1c74a0028..07a5a8263559f 100644 --- a/media/libstagefright/MPEG4Extractor.cpp +++ b/media/libstagefright/MPEG4Extractor.cpp @@ -984,7 +984,14 @@ status_t MPEG4Source::read( (const uint8_t *)mBuffer->data() + mBuffer->range_offset(); size_t nal_size = parseNALSize(src); - CHECK(mBuffer->range_length() >= mNALLengthSize + nal_size); + if (mBuffer->range_length() < mNALLengthSize + nal_size) { + LOGE("incomplete NAL unit."); + + mBuffer->release(); + mBuffer = NULL; + + return ERROR_MALFORMED; + } MediaBuffer *clone = mBuffer->clone(); clone->set_range(mBuffer->range_offset() + mNALLengthSize, nal_size); @@ -1023,7 +1030,13 @@ status_t MPEG4Source::read( CHECK(srcOffset + mNALLengthSize <= size); size_t nalLength = parseNALSize(&mSrcBuffer[srcOffset]); srcOffset += mNALLengthSize; - CHECK(srcOffset + nalLength <= size); + + if (srcOffset + nalLength > size) { + mBuffer->release(); + mBuffer = NULL; + + return ERROR_MALFORMED; + } if (nalLength == 0) { continue;