From: Steve Kondik <steve@cyngn.com>
Date: Tue, 10 May 2016 04:59:44 +0000 (-0700)
Subject: stagefright-plugins: Fix crash with invalid FLAC file
X-Git-Tag: android-x86-7.1-r1~32
X-Git-Url: http://git.osdn.net/view?a=commitdiff_plain;ds=sidebyside;h=20a14f32d8b0898ab5d47005cf3dbdf7bef93487;p=android-x86%2Fexternal-stagefright-plugins.git

stagefright-plugins: Fix crash with invalid FLAC file

 * Check size of the extradata before groping it's bits.
 * Also fix a trivial compilation warning on 64-bit.

Change-Id: I60a5a075e4718317901144d991b116039d45d8ec
---

diff --git a/utils/codec_utils.cpp b/utils/codec_utils.cpp
index 5cf30de..8d39285 100644
--- a/utils/codec_utils.cpp
+++ b/utils/codec_utils.cpp
@@ -450,6 +450,11 @@ sp<MetaData> setFLACFormat(AVCodecContext *avctx)
     meta->setCString(kKeyMIMEType, MEDIA_MIMETYPE_AUDIO_FLAC);
     meta->setData(kKeyRawCodecSpecificData, 0, avctx->extradata, avctx->extradata_size);
 
+    if (avctx->extradata_size < 10) {
+        ALOGE("Invalid extradata in FLAC file! (size=%d)", avctx->extradata_size);
+        return meta;
+    }
+
     ABitReader br(avctx->extradata, avctx->extradata_size);
     int32_t minBlockSize = br.getBits(16);
     int32_t maxBlockSize = br.getBits(16);
@@ -575,7 +580,7 @@ status_t parseMetadataTags(AVFormatContext *ctx, const sp<MetaData> &meta) {
                         mime = NULL;
                     }
                     if (mime != NULL) {
-                        ALOGV("found albumart in stream %d with type %s len %d", i, mime, pkt.size);
+                        ALOGV("found albumart in stream %zu with type %s len %d", i, mime, pkt.size);
                         meta->setData(kKeyAlbumArt, MetaData::TYPE_NONE, pkt.data, pkt.size);
                         meta->setCString(kKeyAlbumArtMIME, mime);
                     }