Android/frameworks_base
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge "Fixed a buffer overflow issue" into jb-dev

Browse Source
This commit is contained in:
James Dong
2012-05-29 18:21:38 -07:00
committed by Android (Google) Code Review
parent 01bf82f272 54c40e033e
commit fb910e8ffa
1 changed files with 8 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
media/jni/mediaeditor/VideoEditorMain.cpp
View File

@@ -2623,16 +2623,21 @@ videoEditor_init(
M4OSA_Char* tmpString =
(M4OSA_Char *)videoEditJava_getString(&initialized, pEnv, tempPath,
NULL, M4OSA_NULL);
M4OSA_UInt32 length = strlen((const char *)tmpString);
// Malloc additional 2 bytes for beginning and tail separator.
M4OSA_UInt32 pathLength = length + 2;
pContext->initParams.pTempPath = (M4OSA_Char *)
M4OSA_32bitAlignedMalloc(strlen((const char *)tmpString) + 1, 0x0,
(M4OSA_Char *)"tempPath");
M4OSA_32bitAlignedMalloc(pathLength, 0x0, (M4OSA_Char *)"tempPath");
//initialize the first char. so that strcat works.
M4OSA_Char *ptmpChar = (M4OSA_Char*)pContext->initParams.pTempPath;
ptmpChar[0] = 0x00;
strncat((char *)pContext->initParams.pTempPath, (const char *)tmpString,
(size_t)strlen((const char *)tmpString));
length);
strncat((char *)pContext->initParams.pTempPath, (const char *)"/", (size_t)1);
free(tmpString);
tmpString = NULL;
pContext->mIsUpdateOverlay = false;
pContext->mOverlayFileName = NULL;
pContext->decoders = NULL;