DO NOT MERGE Fix divide by zero
and be stricter about the layout of various boxes in mp4 files.
Bug: 31318219
Change-Id: I50034d5b6b1967ca6e88aabeacf49f26ba3c0d32
diff --git a/media/libstagefright/MPEG4Extractor.cpp b/media/libstagefright/MPEG4Extractor.cpp
index 8318848..9ea8a25 100644
--- a/media/libstagefright/MPEG4Extractor.cpp
+++ b/media/libstagefright/MPEG4Extractor.cpp
@@ -456,7 +456,8 @@
} else {
uint32_t sampleIndex;
uint32_t sampleTime;
- if (track->sampleTable->findThumbnailSample(&sampleIndex) == OK
+ if (track->timescale != 0 &&
+ track->sampleTable->findThumbnailSample(&sampleIndex) == OK
&& track->sampleTable->getMetaDataForSample(
sampleIndex, NULL /* offset */, NULL /* size */,
&sampleTime) == OK) {
@@ -847,6 +848,10 @@
case FOURCC('s', 'c', 'h', 'i'):
case FOURCC('e', 'd', 't', 's'):
{
+ if (chunk_type == FOURCC('m', 'o', 'o', 'v') && depth != 0) {
+ ALOGE("moov: depth %d", depth);
+ return ERROR_MALFORMED;
+ }
if (chunk_type == FOURCC('s', 't', 'b', 'l')) {
ALOGV("sampleTable chunk is %d bytes long.", (size_t)chunk_size);
@@ -866,6 +871,10 @@
bool isTrack = false;
if (chunk_type == FOURCC('t', 'r', 'a', 'k')) {
+ if (depth != 1) {
+ ALOGE("trak: depth %d", depth);
+ return ERROR_MALFORMED;
+ }
isTrack = true;
Track *track = new Track;
@@ -889,6 +898,10 @@
while (*offset < stop_offset) {
status_t err = parseChunk(offset, depth + 1);
if (err != OK) {
+ if (isTrack) {
+ mLastTrack->skipTrack = true;
+ break;
+ }
return err;
}
}
@@ -1208,10 +1221,6 @@
case FOURCC('s', 't', 's', 'd'):
{
- if (chunk_data_size < 8) {
- return ERROR_MALFORMED;
- }
-
uint8_t buffer[8];
if (chunk_data_size < (off64_t)sizeof(buffer)) {
return ERROR_MALFORMED;
@@ -1700,6 +1709,10 @@
case FOURCC('m', 'v', 'h', 'd'):
{
+ if (depth != 1) {
+ ALOGE("mvhd: depth %d", depth);
+ return ERROR_MALFORMED;
+ }
if (chunk_data_size < 24) {
return ERROR_MALFORMED;
}