Gitiles
Code Review Sign In
gerrit.omnirom.org / android_frameworks_av / e4cce73b86cfd82d2083c6ebc80748b14aeedca1^1..e4cce73b86cfd82d2083c6ebc80748b14aeedca1 / .
commite4cce73b86cfd82d2083c6ebc80748b14aeedca1[log] [tgz]
authorRay Essick <essick@google.com>Mon Mar 13 23:32:31 2017 +0000
committerandroid-build-merger <android-build-merger@google.com>Mon Mar 13 23:32:31 2017 +0000
tree1ebd199a2f921d5c88d46ad71158643677d2e584
parent7422dafea057df94a1bb3b49e6a81e9e9c8379af [diff]
parentb532a32912787ded2fbea16466f17d4d5bcb6aea [diff]
Merge "Fix TOCTOU problem in libstagefright_soft_aacenc" into klp-dev am: 2076915c5f am: dcda2ec2fe am: f5c7784dbd am: c3de266a99 am: 8655d4fc01 am: b05be00f56 am: eb58ce5bb0 am: a830539187 am: e973c65525 am: ae7fae1810 am: d4d9c97a9d
am: b532a32912

Change-Id: Ibc2f3193bbec30007428900d55caff74876bb856

diff --git a/media/libstagefright/codecs/aacenc/SoftAACEncoder2.cpp b/media/libstagefright/codecs/aacenc/SoftAACEncoder2.cpp
index 5f516cb..c55d536 100644
--- a/media/libstagefright/codecs/aacenc/SoftAACEncoder2.cpp
+++ b/media/libstagefright/codecs/aacenc/SoftAACEncoder2.cpp

@@ -16,6 +16,7 @@
 
 //#define LOG_NDEBUG 0
 #define LOG_TAG "SoftAACEncoder2"
+#include <log/log.h>
 #include <utils/Log.h>
 
 #include "SoftAACEncoder2.h"
@@ -61,6 +62,7 @@
       mSentCodecSpecificData(false),
       mInputSize(0),
       mInputFrame(NULL),
+      mAllocatedFrameSize(0),
       mInputTimeUs(-1ll),
       mSawInputEOS(false),
       mSignalledError(false) {
@@ -556,6 +558,15 @@
 
             if (mInputFrame == NULL) {
                 mInputFrame = new int16_t[numBytesPerInputFrame / sizeof(int16_t)];
+                mAllocatedFrameSize = numBytesPerInputFrame;
+            } else if (mAllocatedFrameSize != numBytesPerInputFrame) {
+                ALOGE("b/34621073: changed size from %d to %d",
+                        (int)mAllocatedFrameSize, (int)numBytesPerInputFrame);
+                android_errorWriteLog(0x534e4554,"34621073");
+                delete mInputFrame;
+                mInputFrame = new int16_t[numBytesPerInputFrame / sizeof(int16_t)];
+                mAllocatedFrameSize = numBytesPerInputFrame;
+
             }
 
             if (mInputSize == 0) {
@@ -706,6 +717,7 @@
     delete[] mInputFrame;
     mInputFrame = NULL;
     mInputSize = 0;
+    mAllocatedFrameSize = 0;
 
     mSentCodecSpecificData = false;
     mInputTimeUs = -1ll;

diff --git a/media/libstagefright/codecs/aacenc/SoftAACEncoder2.h b/media/libstagefright/codecs/aacenc/SoftAACEncoder2.h
index f1b81e1..123fd25 100644
--- a/media/libstagefright/codecs/aacenc/SoftAACEncoder2.h
+++ b/media/libstagefright/codecs/aacenc/SoftAACEncoder2.h

@@ -62,6 +62,7 @@
     bool mSentCodecSpecificData;
     size_t mInputSize;
     int16_t *mInputFrame;
+    size_t mAllocatedFrameSize;
     int64_t mInputTimeUs;
 
     bool mSawInputEOS;