Check NAL size before looking inside

Add a check to ensure we have a non-zero size for a NAL while
parsing before we crack said NAL open to see what type it is.

Bug: 72117051
Test: compilation
Change-Id: Iaa3ebb2daae5d9225060a11e9adbb6757a168656
Merged-In: I607c67a320b33b991476db30d78223cf4386c0e8
(cherry picked from commit e0c020969d88891b0b71bb938778e9ca762e8035)

diff --git a/media/libstagefright/avc_utils.cpp b/media/libstagefright/avc_utils.cpp
index a745692..ea2433a 100644 (file)
--- a/media/libstagefright/avc_utils.cpp
+++ b/media/libstagefright/avc_utils.cpp
@@ -339,7 +339,7 @@ static sp<ABuffer> FindNAL(const uint8_t *data, size_t size, unsigned nalType) {
     const uint8_t *nalStart;
     size_t nalSize;
     while (getNextNALUnit(&data, &size, &nalStart, &nalSize, true) == OK) {
-        if ((nalStart[0] & 0x1f) == nalType) {
+        if (nalSize > 0 && (nalStart[0] & 0x1f) == nalType) {
             sp<ABuffer> buffer = new ABuffer(nalSize);
             memcpy(buffer->data(), nalStart, nalSize);
             return buffer;