Merge "Fix a potential integer overflow in MediaBuffer"
diff --git a/media/extractors/flac/FLACExtractor.cpp b/media/extractors/flac/FLACExtractor.cpp
index e4bbc07..dcda6bf 100644
--- a/media/extractors/flac/FLACExtractor.cpp
+++ b/media/extractors/flac/FLACExtractor.cpp
@@ -806,14 +806,21 @@
bool SniffFLAC(DataSourceHelper *source, float *confidence)
{
- // first 4 is the signature word
- // second 4 is the sizeof STREAMINFO
- // 042 is the mandatory STREAMINFO
- // no need to read rest of the header, as a premature EOF will be caught later
- uint8_t header[4+4];
- if (source->readAt(0, header, sizeof(header)) != sizeof(header)
- || memcmp("fLaC\0\0\0\042", header, 4+4))
- {
+ // FLAC header.
+ // https://xiph.org/flac/format.html#stream
+ //
+ // Note: content stored big endian.
+ // byte offset bit size content
+ // 0 32 fLaC
+ // 4 8 metadata type STREAMINFO (0) (note: OR with 0x80 if last metadata)
+ // 5 24 size of metadata, for STREAMINFO (0x22).
+
+ // Android is LE, so express header as little endian int64 constant.
+ constexpr int64_t flacHeader = (0x22LL << 56) | 'CaLf';
+ constexpr int64_t flacHeader2 = flacHeader | (0x80LL << 32); // alternate form (last metadata)
+ int64_t header;
+ if (source->readAt(0, &header, sizeof(header)) != sizeof(header)
+ || (header != flacHeader && header != flacHeader2)) {
return false;
}
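Review bot: The new signature check in SniffFLAC relies on two things the language does not guarantee. The multi-character literal `'CaLf'` has an implementation-defined value and usually draws a multichar warning, and comparing an `int64_t` filled straight from the file is only correct on a little-endian host. This function decides which parser receives an untrusted file, so I would keep the comparison byte-wise. Masking the last-metadata bit in byte 4 accepts both header forms without enumerating two constants. The rest of SniffFLAC lies outside the hunk.

```cpp
// … unchanged: FLAC header layout comment …
uint8_t header[4 + 4];
if (source->readAt(0, header, sizeof(header)) != sizeof(header)
        || memcmp("fLaC", header, 4) != 0
        || (header[4] & 0x7f) != 0                    // STREAMINFO (0), last-metadata bit ignored
        || memcmp("\0\0\042", header + 5, 3) != 0) {  // 24-bit big-endian size, 0x22
    return false;
}
```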
diff --git a/services/mediaextractor/seccomp_policy/mediaextractor-x86_64.policy b/services/mediaextractor/seccomp_policy/mediaextractor-x86_64.policy
index 35ac458..607a03e 100644
--- a/services/mediaextractor/seccomp_policy/mediaextractor-x86_64.policy
+++ b/services/mediaextractor/seccomp_policy/mediaextractor-x86_64.policy
@@ -11,6 +11,7 @@
mmap: 1
madvise: 1
openat: 1
+open: 1
clock_gettime: 1
writev: 1
brk: 1
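Review bot: The added `open: 1` widens the seccomp allowlist of the process that parses untrusted media, and nothing in the hunk says why it is needed when `openat: 1` is already allowed. The rule is also unconditional, so any path and any flags pass the filter. A comment above the line should record the caller that still issues the legacy syscall, for example `# open: still issued by <caller, to be named>; not covered by openat`. Only the x86_64 policy is visible here, so I cannot tell whether the other architecture policies were reviewed for the same need.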