Merge "HTTPLiveSource: implement getFormatMeta" into nyc-mr1-dev
diff --git a/media/libeffects/visualizer/EffectVisualizer.cpp b/media/libeffects/visualizer/EffectVisualizer.cpp
index 91f9fc7..21fddb1 100644
--- a/media/libeffects/visualizer/EffectVisualizer.cpp
+++ b/media/libeffects/visualizer/EffectVisualizer.cpp
@@ -602,9 +602,14 @@
     case VISUALIZER_CMD_MEASURE: {
         if (pReplyData == NULL || replySize == NULL ||
                 *replySize < (sizeof(int32_t) * MEASUREMENT_COUNT)) {
-            ALOGV("VISUALIZER_CMD_MEASURE() error *replySize %" PRIu32
-                    " < (sizeof(int32_t) * MEASUREMENT_COUNT) %" PRIu32, *replySize,
-                    sizeof(int32_t) * MEASUREMENT_COUNT);
+            if (replySize == NULL) {
+                ALOGV("VISUALIZER_CMD_MEASURE() error replySize NULL");
+            } else {
+                ALOGV("VISUALIZER_CMD_MEASURE() error *replySize %" PRIu32
+                        " < (sizeof(int32_t) * MEASUREMENT_COUNT) %" PRIu32,
+                        *replySize,
+                        uint32_t(sizeof(int32_t)) * MEASUREMENT_COUNT);
+            }
             android_errorWriteLog(0x534e4554, "30229821");
             return -EINVAL;
         }
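Review bot: In the else branch the cast `uint32_t(sizeof(int32_t))` covers only the first operand, so the type of the value passed for the second PRIu32 conversion still depends on MEASUREMENT_COUNT, whose declaration is not visible here. Casting the whole product, `uint32_t(sizeof(int32_t) * MEASUREMENT_COUNT)`, keeps the argument 32-bit regardless. The same branch is also reached when pReplyData is NULL and *replySize is large enough, so the message then reports a size comparison that did not fail; a separate `pReplyData == NULL` message would keep the log accurate. The enclosing switch starts and ends outside the hunk.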
diff --git a/media/libmedia/IMediaExtractor.cpp b/media/libmedia/IMediaExtractor.cpp
index e8ad75b..72d1d7c 100644
--- a/media/libmedia/IMediaExtractor.cpp
+++ b/media/libmedia/IMediaExtractor.cpp
@@ -160,6 +160,9 @@
             if (data.readUint32(&idx) == NO_ERROR &&
                     data.readUint32(&flags) == NO_ERROR) {
                 sp<MetaData> meta = getTrackMetaData(idx, flags);
+                if (meta == NULL) {
+                    return UNKNOWN_ERROR;
+                }
                 meta->writeToParcel(*reply);
                 return NO_ERROR;
             }
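Review bot: The result of `meta->writeToParcel(*reply)` is dropped and the case returns NO_ERROR unconditionally, so a failed write would still be reported to the remote side as success. If writeToParcel returns a status, `return meta->writeToParcel(*reply);` would propagate it. The new NULL check would also benefit from a short comment such as `// idx comes from the caller's parcel; getTrackMetaData() may return NULL for it`, with the wording confirmed against getTrackMetaData(). The enclosing case starts and ends outside the hunk.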
diff --git a/media/libstagefright/MPEG4Extractor.cpp b/media/libstagefright/MPEG4Extractor.cpp
index 0395c77..f42fbcf 100644
--- a/media/libstagefright/MPEG4Extractor.cpp
+++ b/media/libstagefright/MPEG4Extractor.cpp
@@ -478,7 +478,8 @@
             } else {
                 uint32_t sampleIndex;
                 uint32_t sampleTime;
-                if (track->sampleTable->findThumbnailSample(&sampleIndex) == OK
+                if (track->timescale != 0 &&
+                        track->sampleTable->findThumbnailSample(&sampleIndex) == OK
                         && track->sampleTable->getMetaDataForSample(
                             sampleIndex, NULL /* offset */, NULL /* size */,
                             &sampleTime) == OK) {
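Review bot: The new `track->timescale != 0` test has no comment saying why it is there, and the expression it protects is in the if-body outside this hunk. Presumably timescale is used there as a divisor and its value comes from the file. A one-line comment above the condition, such as `// timescale is read from the file; 0 would divide by zero when converting sampleTime`, would record that once checked against the body. When the guard fails the thumbnail lookup is skipped silently, so a log line for that case would help when triaging malformed files.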
@@ -930,6 +931,10 @@
         case FOURCC('e', 'd', 't', 's'):
         case FOURCC('w', 'a', 'v', 'e'):
         {
+            if (chunk_type == FOURCC('m', 'o', 'o', 'v') && depth != 0) {
+                ALOGE("moov: depth %d", depth);
+                return ERROR_MALFORMED;
+            }
             if (chunk_type == FOURCC('m', 'o', 'o', 'f') && !mMoofFound) {
                 // store the offset of the first segment
                 mMoofFound = true;
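Review bot: The three depth checks added in this file (here for moov, and in the trak and mvhd hunks below) log only the observed depth, e.g. `ALOGE("moov: depth %d", depth);`, so a reader of the log has to know the expected nesting level. Stating it in the message, `ALOGE("moov: unexpected depth %d, expected 0", depth);` and likewise "expected 1" for trak and mvhd, makes rejected files easier to triage. The other container types sharing this case label (edts and wave are visible) get no depth check in this hunk. Whether their nesting is bounded elsewhere in parseChunk cannot be seen from here and is worth confirming.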
@@ -958,6 +963,10 @@
 
             bool isTrack = false;
             if (chunk_type == FOURCC('t', 'r', 'a', 'k')) {
+                if (depth != 1) {
+                    ALOGE("trak: depth %d", depth);
+                    return ERROR_MALFORMED;
+                }
                 isTrack = true;
 
                 Track *track = new Track;
@@ -981,6 +990,10 @@
             while (*offset < stop_offset) {
                 status_t err = parseChunk(offset, depth + 1);
                 if (err != OK) {
+                    if (isTrack) {
+                        mLastTrack->skipTrack = true;
+                        break;
+                    }
                     return err;
                 }
             }
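Review bot: When isTrack is set, the child's error code `err` is discarded without a log, so a track dropped because of a malformed box leaves no trace. Adding `ALOGW("trak: error %d parsing child box, skipping track", err);` before the `break` would record it. The break also leaves `*offset` wherever the failed child stopped rather than at stop_offset, so the code after the loop (outside this hunk) has to tolerate that. `mLastTrack` is dereferenced here on the assumption that it still points at the Track created for this trak, which is worth confirming against the lines between the allocation and the loop.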
@@ -1326,10 +1339,6 @@
 
         case FOURCC('s', 't', 's', 'd'):
         {
-            if (chunk_data_size < 8) {
-                return ERROR_MALFORMED;
-            }
-
             uint8_t buffer[8];
             if (chunk_data_size < (off64_t)sizeof(buffer)) {
                 return ERROR_MALFORMED;
@@ -1824,6 +1833,9 @@
         case FOURCC('b', 't', 'r', 't'):
         {
             *offset += chunk_size;
+            if (mLastTrack == NULL) {
+                return ERROR_MALFORMED;
+            }
 
             uint8_t buffer[12];
             if (chunk_data_size != sizeof(buffer)) {
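Review bot: The `mLastTrack == NULL` guard returns ERROR_MALFORMED without a log line, unlike the depth checks this commit adds elsewhere in the file; `ALOGE("btrt: no track");` before the return would keep the rejections uniformly visible. The guard covers only the btrt case. Whether other cases in this switch that dereference mLastTrack have an equivalent check cannot be seen from this hunk and should be confirmed.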
@@ -1993,6 +2005,10 @@
         {
             *offset += chunk_size;
 
+            if (depth != 1) {
+                ALOGE("mvhd: depth %d", depth);
+                return ERROR_MALFORMED;
+            }
             if (chunk_data_size < 32) {
                 return ERROR_MALFORMED;
             }