Handle overflow in android::HeifDataSource::readAt Bug: 73782357 Change-Id: I03a5b4c5ddaf2664f342973da7f1a79f29cd7be5

commit: 237f9034c6cbe5cbafb0cd4c862d9dddfbdf7389 [log] [tgz]
author: Sungtak Lee <taklee@google.com> Mon Mar 05 15:21:33 2018 -0800
committer: Sungtak Lee <taklee@google.com> Thu Mar 08 22:17:36 2018 +0000
tree: b2f46bad990085ba544d327fa5407075073f786b
parent: 4d4c46123781e08facc5ac8ba5bcf09dd0eb3ad7 [diff] [blame]
diff --git a/media/libheif/HeifDecoderImpl.cpp b/media/libheif/HeifDecoderImpl.cpp
index 175d458..57209e2 100644
--- a/media/libheif/HeifDecoderImpl.cpp
+++ b/media/libheif/HeifDecoderImpl.cpp

@@ -139,6 +139,11 @@
     // have been caught above.
     CHECK(offset >= mCachedOffset);
 
+    off64_t resultOffset;
+    if (__builtin_add_overflow(offset, size, &resultOffset)) {
+        return ERROR_IO;
+    }
+
     if (size == 0) {
         return 0;
     }
commit	237f9034c6cbe5cbafb0cd4c862d9dddfbdf7389	[log] [tgz]
author	Sungtak Lee <taklee@google.com>	Mon Mar 05 15:21:33 2018 -0800
committer	Sungtak Lee <taklee@google.com>	Thu Mar 08 22:17:36 2018 +0000
tree	b2f46bad990085ba544d327fa5407075073f786b
parent	4d4c46123781e08facc5ac8ba5bcf09dd0eb3ad7 [diff] [blame]