NuPlayerDecoder: check buffer size before memcpy Test: none Bug: 111649621 Change-Id: I7f19a66a11eaeb54bf9513a4f56aa1ee7d3d81f5

commit: 9b5a7ad0e9901bb1b4ed46f0f1aac5a75ea8e627 [log] [tgz]
author: Wei Jia <wjia@google.com> Fri Jul 27 17:33:24 2018 -0700
committer: Wei Jia <wjia@google.com> Fri Jul 27 17:41:55 2018 -0700
tree: 1864c5bc84f8214fd52391e291b20cb2afb5f77b
parent: 93adab132cfdd6e71cee2af14eea711b49a4c76d [diff] [blame]
diff --git a/media/libmediaplayerservice/nuplayer/NuPlayerDecoder.cpp b/media/libmediaplayerservice/nuplayer/NuPlayerDecoder.cpp
index 69cd82e..050e4fb 100644
--- a/media/libmediaplayerservice/nuplayer/NuPlayerDecoder.cpp
+++ b/media/libmediaplayerservice/nuplayer/NuPlayerDecoder.cpp

@@ -1069,6 +1069,12 @@
                         static_cast<MediaBufferHolder*>(holder.get())->mediaBuffer() : nullptr;
                 }
                 if (mediaBuf != NULL) {
+                    if (mediaBuf->size() > codecBuffer->capacity()) {
+                        handleError(ERROR_BUFFER_TOO_SMALL);
+                        mDequeuedInputBuffers.push_back(bufferIx);
+                        return false;
+                    }
+
                     codecBuffer->setRange(0, mediaBuf->size());
                     memcpy(codecBuffer->data(), mediaBuf->data(), mediaBuf->size());
commit	9b5a7ad0e9901bb1b4ed46f0f1aac5a75ea8e627	[log] [tgz]
author	Wei Jia <wjia@google.com>	Fri Jul 27 17:33:24 2018 -0700
committer	Wei Jia <wjia@google.com>	Fri Jul 27 17:41:55 2018 -0700
tree	1864c5bc84f8214fd52391e291b20cb2afb5f77b
parent	93adab132cfdd6e71cee2af14eea711b49a4c76d [diff] [blame]