Merge "stagefright: check aac_frame_length to prevent infinite loop" into klp-dev am: d371d08bcc am: 98248c3f88 am: 5f3ac3898d am: aafbda5a18 am: b226bba820 am: 8d579abf97 am: 2b1df0008a am: b38111a0db am: fb7c6d9173 am: ee1f46846d am: 8486817a65 am: 0ac0157213 am: a06a77509b am: 24145427ed am: 8a4f540bdf am: f62d2cf89a Change-Id: I502a1b8fe8a7344b2ecf34b4145b3b1de7f303a6

commit: 719e24e82381cccdcb84524c5bef9a3b3ad7c1b4 [log] [tgz]
author: Chong Zhang <chz@google.com> Tue Jul 18 23:03:50 2017 +0000
committer: android-build-merger <android-build-merger@google.com> Tue Jul 18 23:03:50 2017 +0000
tree: 65956235325e70e97e24da42180a567bc224ea17
parent: 9ada6f85bfb21e160f8b025df3de20d667ad1c9a [diff]
parent: f62d2cf89a0a39df6f2791427b1e142440c1947e [diff]
diff --git a/media/libstagefright/mpeg2ts/ESQueue.cpp b/media/libstagefright/mpeg2ts/ESQueue.cpp
index f1b44ae..1cf9744 100644
--- a/media/libstagefright/mpeg2ts/ESQueue.cpp
+++ b/media/libstagefright/mpeg2ts/ESQueue.cpp

@@ -892,6 +892,11 @@
         bits.skipBits(2);
 
         unsigned aac_frame_length = bits.getBits(13);
+        if (aac_frame_length == 0){
+            ALOGE("b/62673179, Invalid AAC frame length!");
+            android_errorWriteLog(0x534e4554, "62673179");
+            return NULL;
+        }
 
         bits.skipBits(11);  // adts_buffer_fullness
commit	719e24e82381cccdcb84524c5bef9a3b3ad7c1b4	[log] [tgz]
author	Chong Zhang <chz@google.com>	Tue Jul 18 23:03:50 2017 +0000
committer	android-build-merger <android-build-merger@google.com>	Tue Jul 18 23:03:50 2017 +0000
tree	65956235325e70e97e24da42180a567bc224ea17
parent	9ada6f85bfb21e160f8b025df3de20d667ad1c9a [diff]
parent	f62d2cf89a0a39df6f2791427b1e142440c1947e [diff]