Merge "Enable fsanitize unsigned-integer-overflow in rtsp"

commit: 55de93cf9bf0465f5bd6bb0f413b90bea41b4642 [log] [tgz]
author: Chad Brubaker <cbrubaker@google.com> Mon Aug 17 23:31:12 2015 +0000
committer: Android (Google) Code Review <android-gerrit@google.com> Mon Aug 17 23:31:12 2015 +0000
tree: bb091608f29787fbc91cbed2423c26fb3bb998c2
parent: 27bf9d29134ce70a3a2f3c78795fa388ae4379f8 [diff]
parent: f34fbe80f12be26087a6dbc15f11d9ece2b90679 [diff]
diff --git a/media/libstagefright/mpeg2ts/ESQueue.cpp b/media/libstagefright/mpeg2ts/ESQueue.cpp
index 36ec367..c967463 100644
--- a/media/libstagefright/mpeg2ts/ESQueue.cpp
+++ b/media/libstagefright/mpeg2ts/ESQueue.cpp

@@ -1121,6 +1121,10 @@
 
         if (mFormat != NULL && currentStartCode == 0xb8) {
             // GOP layer
+            if (offset + 7 >= size) {
+                ALOGE("Size too small");
+                return NULL;
+            }
             gopFound = true;
             isClosedGop = (data[offset + 7] & 0x40) != 0;
             brokenLink = (data[offset + 7] & 0x20) != 0;
commit	55de93cf9bf0465f5bd6bb0f413b90bea41b4642	[log] [tgz]
author	Chad Brubaker <cbrubaker@google.com>	Mon Aug 17 23:31:12 2015 +0000
committer	Android (Google) Code Review <android-gerrit@google.com>	Mon Aug 17 23:31:12 2015 +0000
tree	bb091608f29787fbc91cbed2423c26fb3bb998c2
parent	27bf9d29134ce70a3a2f3c78795fa388ae4379f8 [diff]
parent	f34fbe80f12be26087a6dbc15f11d9ece2b90679 [diff]