Avoid reading at negative offsets
Avoid making MPEG4Extractor read from negative data source offsets,
but also make FileSource::readAt() handle them gracefully.
Bug: 141242340
Test: poc, manual
Change-Id: If82dcaec43a63b71d24a5572eeea5e0685fb4a1c
diff --git a/media/extractors/mp4/MPEG4Extractor.cpp b/media/extractors/mp4/MPEG4Extractor.cpp
index c8079eb..ce82861 100755
--- a/media/extractors/mp4/MPEG4Extractor.cpp
+++ b/media/extractors/mp4/MPEG4Extractor.cpp
@@ -6679,6 +6679,12 @@
// The smallest valid chunk is 16 bytes long in this case.
return false;
}
+ if (chunkSize > INT64_MAX) {
+ // reject overly large chunk sizes that could
+ // be interpreted as negative
+ ALOGE("chunk size too large");
+ return false;
+ }
} else if (chunkSize < 8) {
// The smallest valid chunk is 8 bytes long.
@@ -6734,7 +6740,10 @@
case FOURCC("moov"):
{
- moovAtomEndOffset = offset + chunkSize;
+ if (__builtin_add_overflow(offset, chunkSize, &moovAtomEndOffset)) {
+ ALOGE("chunk size + offset would overflow");
+ return false;
+ }
done = true;
break;
@@ -6744,7 +6753,10 @@
break;
}
- offset += chunkSize;
+ if (__builtin_add_overflow(offset, chunkSize, &offset)) {
+ ALOGE("chunk size + offset would overflow");
+ return false;
+ }
}
if (!foundGoodFileType) {
diff --git a/media/libdatasource/FileSource.cpp b/media/libdatasource/FileSource.cpp
index bbf7dda..3d34d0c 100644
--- a/media/libdatasource/FileSource.cpp
+++ b/media/libdatasource/FileSource.cpp
@@ -107,6 +107,9 @@
Mutex::Autolock autoLock(mLock);
if (mLength >= 0) {
+ if (offset < 0) {
+ return UNKNOWN_ERROR;
+ }
if (offset >= mLength) {
return 0; // read beyond EOF.
}