DO NOT MERGE: defensive parsing of mp3 album art information
several points in stagefrights mp3 album art code
used strlen() to parse user-supplied strings that may be
unterminated, resulting in reading beyond the end of a buffer.
This changes the code to use strnlen() for 8-bit encodings and
strengthens the parsing of 16-bit encodings similarly. It also
reworks how we watch for the end-of-buffer to avoid all over-reads.
Bug:
32377688
Test: crafted mp3's w/ good/bad cover art. See what showed in play music
Change-Id: Ib46cd1b5a3e1707c343d395f235bedb82764e184
OSDN Git Service
