Handle overflow in android::HeifDataSource::readAt

Bug: 73782357
Change-Id: I03a5b4c5ddaf2664f342973da7f1a79f29cd7be5
(cherry picked from commit 237f9034c6cbe5cbafb0cd4c862d9dddfbdf7389)

diff --git a/media/libheif/HeifDecoderImpl.cpp b/media/libheif/HeifDecoderImpl.cpp
index 175d458..57209e2 100644 (file)
--- a/media/libheif/HeifDecoderImpl.cpp
+++ b/media/libheif/HeifDecoderImpl.cpp
@@ -139,6 +139,11 @@ ssize_t HeifDataSource::readAt(off64_t offset, size_t size) {
     // have been caught above.
     CHECK(offset >= mCachedOffset);
 
+    off64_t resultOffset;
+    if (__builtin_add_overflow(offset, size, &resultOffset)) {
+        return ERROR_IO;
+    }
+
     if (size == 0) {
         return 0;
     }