MPEG4Extractor.cpp: Add check for size == SIZE_MAX

If size == SIZE_MAX, the line:

  uint8_t *buffer = new (std::nothrow) uint8_t[size + 1];

ends up allocating zero bytes, which is obviously incorrect.

(cherry picked from commit b2d33aee5122c91a59c2a676c0b89ad340232450)

Bug: 23031033
Change-Id: I8027247a4e24d2c8a8b4eac88c3643eccda108b9

diff --git a/media/libstagefright/MPEG4Extractor.cpp b/media/libstagefright/MPEG4Extractor.cpp
index d1b39dc..411946c 100644 (file)
--- a/media/libstagefright/MPEG4Extractor.cpp
+++ b/media/libstagefright/MPEG4Extractor.cpp
@@ -2217,7 +2217,7 @@ status_t MPEG4Extractor::parseTrackHeader(
 }
 
 status_t MPEG4Extractor::parseITunesMetaData(off64_t offset, size_t size) {
-    if (size < 4) {
+    if (size < 4 || size == SIZE_MAX) {
         return ERROR_MALFORMED;
     }