DO NOT MERGE - MPEG4Extractor: Check mLastTrack before dereferencing. am: de84a76b86
am: 2c76c56d56
Change-Id: I24c8963da1f34e724213bbb896722a06d1eca378
diff --git a/media/libstagefright/MPEG4Extractor.cpp b/media/libstagefright/MPEG4Extractor.cpp
index 1c2a3bf..37adcbc 100644
--- a/media/libstagefright/MPEG4Extractor.cpp
+++ b/media/libstagefright/MPEG4Extractor.cpp
@@ -864,6 +864,9 @@
}
}
+ if (mLastTrack == NULL) {
+ return ERROR_MALFORMED;
+ }
mLastTrack->sampleTable = new SampleTable(mDataSource);
}
@@ -960,6 +963,9 @@
} else if (mHeaderTimescale == 0) {
ALOGW("ignoring edit list because timescale is 0");
} else {
+ if (mLastTrack == NULL) {
+ return ERROR_MALFORMED;
+ }
off64_t entriesoffset = data_offset + 8;
uint64_t segment_duration;
int64_t media_time;
@@ -1011,6 +1017,9 @@
case FOURCC('f', 'r', 'm', 'a'):
{
+ if (mLastTrack == NULL) {
+ return ERROR_MALFORMED;
+ }
uint32_t original_fourcc;
if (mDataSource->readAt(data_offset, &original_fourcc, 4) < 4) {
return ERROR_IO;
@@ -1030,6 +1039,9 @@
case FOURCC('t', 'e', 'n', 'c'):
{
+ if (mLastTrack == NULL) {
+ return ERROR_MALFORMED;
+ }
if (chunk_size < 32) {
return ERROR_MALFORMED;
}
@@ -1080,6 +1092,9 @@
case FOURCC('t', 'k', 'h', 'd'):
{
+ if (mLastTrack == NULL) {
+ return ERROR_MALFORMED;
+ }
status_t err;
if ((err = parseTrackHeader(data_offset, chunk_data_size)) != OK) {
return err;
@@ -1125,6 +1140,9 @@
case FOURCC('m', 'd', 'h', 'd'):
{
+ if (mLastTrack == NULL) {
+ return ERROR_MALFORMED;
+ }
if (chunk_data_size < 4) {
return ERROR_MALFORMED;
}
@@ -1233,6 +1251,9 @@
uint32_t entry_count = U32_AT(&buffer[4]);
if (entry_count > 1) {
+ if (mLastTrack == NULL) {
+ return ERROR_MALFORMED;
+ }
// For 3GPP timed text, there could be multiple tx3g boxes contain
// multiple text display formats. These formats will be used to
// display the timed text.
@@ -1267,6 +1288,9 @@
case FOURCC('s', 'a', 'm', 'r'):
case FOURCC('s', 'a', 'w', 'b'):
{
+ if (mLastTrack == NULL) {
+ return ERROR_MALFORMED;
+ }
uint8_t buffer[8 + 20];
if (chunk_data_size < (ssize_t)sizeof(buffer)) {
// Basic AudioSampleEntry size.
@@ -1316,6 +1340,9 @@
case FOURCC('h', '2', '6', '3'):
case FOURCC('a', 'v', 'c', '1'):
{
+ if (mLastTrack == NULL) {
+ return ERROR_MALFORMED;
+ }
mHasVideo = true;
uint8_t buffer[78];
@@ -1368,6 +1395,9 @@
case FOURCC('s', 't', 'c', 'o'):
case FOURCC('c', 'o', '6', '4'):
{
+ if (mLastTrack == NULL) {
+ return ERROR_MALFORMED;
+ }
status_t err =
mLastTrack->sampleTable->setChunkOffsetParams(
chunk_type, data_offset, chunk_data_size);
@@ -1382,6 +1412,9 @@
case FOURCC('s', 't', 's', 'c'):
{
+ if (mLastTrack == NULL) {
+ return ERROR_MALFORMED;
+ }
status_t err =
mLastTrack->sampleTable->setSampleToChunkParams(
data_offset, chunk_data_size);
@@ -1397,6 +1430,9 @@
case FOURCC('s', 't', 's', 'z'):
case FOURCC('s', 't', 'z', '2'):
{
+ if (mLastTrack == NULL) {
+ return ERROR_MALFORMED;
+ }
status_t err =
mLastTrack->sampleTable->setSampleSizeParams(
chunk_type, data_offset, chunk_data_size);
@@ -1477,6 +1513,9 @@
case FOURCC('s', 't', 't', 's'):
{
+ if (mLastTrack == NULL) {
+ return ERROR_MALFORMED;
+ }
status_t err =
mLastTrack->sampleTable->setTimeToSampleParams(
data_offset, chunk_data_size);
@@ -1491,6 +1530,9 @@
case FOURCC('c', 't', 't', 's'):
{
+ if (mLastTrack == NULL) {
+ return ERROR_MALFORMED;
+ }
status_t err =
mLastTrack->sampleTable->setCompositionTimeToSampleParams(
data_offset, chunk_data_size);
@@ -1505,6 +1547,9 @@
case FOURCC('s', 't', 's', 's'):
{
+ if (mLastTrack == NULL) {
+ return ERROR_MALFORMED;
+ }
status_t err =
mLastTrack->sampleTable->setSyncSampleParams(
data_offset, chunk_data_size);
@@ -1554,6 +1599,9 @@
case FOURCC('e', 's', 'd', 's'):
{
+ if (mLastTrack == NULL) {
+ return ERROR_MALFORMED;
+ }
if (chunk_data_size < 4) {
return ERROR_MALFORMED;
}
@@ -1597,6 +1645,9 @@
case FOURCC('a', 'v', 'c', 'C'):
{
+ if (mLastTrack == NULL) {
+ return ERROR_MALFORMED;
+ }
sp<ABuffer> buffer = new ABuffer(chunk_data_size);
if (buffer->data() == NULL) {
@@ -1618,6 +1669,9 @@
case FOURCC('d', '2', '6', '3'):
{
+ if (mLastTrack == NULL) {
+ return ERROR_MALFORMED;
+ }
/*
* d263 contains a fixed 7 bytes part:
* vendor - 4 bytes
@@ -1773,6 +1827,9 @@
case FOURCC('t', 'x', '3', 'g'):
{
+ if (mLastTrack == NULL) {
+ return ERROR_MALFORMED;
+ }
uint32_t type;
const void *data;
size_t size = 0;
@@ -1882,6 +1939,9 @@
case FOURCC('s', 'i', 'd', 'x'):
{
+ if (mLastTrack == NULL) {
+ return ERROR_MALFORMED;
+ }
parseSegmentIndex(data_offset, chunk_data_size);
*offset += chunk_size;
return UNKNOWN_ERROR; // stop parsing after sidx
@@ -2244,6 +2304,9 @@
int32_t delay, padding;
if (sscanf(mLastCommentData,
" %*x %x %x %*x", &delay, &padding) == 2) {
+ if (mLastTrack == NULL) {
+ return ERROR_MALFORMED;
+ }
mLastTrack->meta->setInt32(kKeyEncoderDelay, delay);
mLastTrack->meta->setInt32(kKeyEncoderPadding, padding);
}