commit 1f4ba5f977a5a16390835ce305201ee52dade01c
author Santiago Seifert <aquilescanta@google.com> Mon Jun 14 19:08:34 2021 +0000
committer Android (Google) Code Review <android-gerrit@google.com> Mon Jun 14 19:08:34 2021 +0000
tree 866bd0976b868cddfb8a75f9ed34e07dc9764f7b
parent be2afc556d1de3033ab4985248485e58b6f80400
parent 0f2041fd46a87dac81ba53c1db3a03f169fdbdb8

Merge "Abort operation upon arithmetic overflows" into sc-dev

media/extractors/mp3/MP3Extractor.cpp

diff --git a/media/extractors/mp3/MP3Extractor.cpp b/media/extractors/mp3/MP3Extractor.cpp
index 5bbabdf..248a39c 100644
--- a/media/extractors/mp3/MP3Extractor.cpp
+++ b/media/extractors/mp3/MP3Extractor.cpp
@@ -504,7 +504,14 @@
             }
 
             mCurrentTimeUs = seekTimeUs;
-            mCurrentPos = mFirstFramePos + seekTimeUs * bitrate / 8000000;
+            int64_t seekTimeUsTimesBitrate;
+            if (__builtin_mul_overflow(seekTimeUs, bitrate, &seekTimeUsTimesBitrate)) {
+              return AMEDIA_ERROR_UNSUPPORTED;
+            }
+            if (__builtin_add_overflow(
+                    mFirstFramePos, seekTimeUsTimesBitrate / 8000000, &mCurrentPos)) {
+                return AMEDIA_ERROR_UNSUPPORTED;
+            }
             seekCBR = true;
         } else {
             mCurrentTimeUs = actualSeekTimeUs;