mirror of
https://github.com/Divested-Mobile/DivestOS-Build.git
synced 2024-12-27 00:19:26 -05:00
082bc48c32
https://review.lineageos.org/q/topic:P_asb_2022-05 https://review.lineageos.org/q/topic:P_asb_2022-06 https://review.lineageos.org/q/topic:P_asb_2022-07 https://review.lineageos.org/q/topic:P_asb_2022-08 https://review.lineageos.org/q/topic:P_asb_2022-09 https://review.lineageos.org/q/topic:P_asb_2022-10 https://review.lineageos.org/q/topic:P_asb_2022-11 https://review.lineageos.org/q/topic:P_asb_2022-12 https://review.lineageos.org/q/topic:P_asb_2023-01 https://review.lineageos.org/q/topic:P_asb_2023-02 https://review.lineageos.org/q/topic:P_asb_2023-03 https://review.lineageos.org/q/topic:P_asb_2023-04 https://review.lineageos.org/q/topic:P_asb_2023-05 https://review.lineageos.org/q/topic:P_asb_2023-06 https://review.lineageos.org/q/topic:P_asb_2023-07 accounted for via manifest change: https://review.lineageos.org/c/LineageOS/android_external_freetype/+/361250 https://review.lineageos.org/q/topic:P_asb_2023-08 accounted for via manifest change: https://review.lineageos.org/c/LineageOS/android_external_freetype/+/364606 accounted for via patches: https://review.lineageos.org/c/LineageOS/android_system_ca-certificates/+/365328 https://review.lineageos.org/q/topic:P_asb_2023-09 https://review.lineageos.org/q/topic:P_asb_2023-10 https://review.lineageos.org/q/topic:P_asb_2023-11 accounted for via patches: https://review.lineageos.org/c/LineageOS/android_system_ca-certificates/+/374916 https://review.lineageos.org/q/topic:P_asb_2023-12 https://review.lineageos.org/q/topic:P_asb_2024-01 https://review.lineageos.org/q/topic:P_asb_2024-02 https://review.lineageos.org/q/topic:P_asb_2024-03 https://review.lineageos.org/q/topic:P_asb_2024-04 Signed-off-by: Tavi <tavi@divested.dev>
35 lines
1.5 KiB
Diff
35 lines
1.5 KiB
Diff
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
|
From: Haripriya Deshmukh <haripriya.deshmukh@ittiam.com>
|
|
Date: Tue, 5 Dec 2023 18:32:38 +0000
|
|
Subject: [PATCH] Fix out of bounds read and write in onQueueFilled in outQueue
|
|
|
|
Bug: 276442130
|
|
Test: POC in bug descriptions
|
|
(cherry picked from https://partner-android-review.googlesource.com/q/commit:7aef41e59412e2f95bab5de7e33f5f04bb808643)
|
|
(cherry picked from commit 8f4cfda9fc75f1e9ba3b6dee3fbffda4b6111d64)
|
|
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:208e430bc6380fafafca8041b239f835263a9d47)
|
|
Merged-In: Ic230d10048193a785f185dc6a7de6f455f9318c1
|
|
Change-Id: Ic230d10048193a785f185dc6a7de6f455f9318c1
|
|
---
|
|
media/libstagefright/codecs/m4v_h263/dec/SoftMPEG4.cpp | 7 +++++--
|
|
1 file changed, 5 insertions(+), 2 deletions(-)
|
|
|
|
diff --git a/media/libstagefright/codecs/m4v_h263/dec/SoftMPEG4.cpp b/media/libstagefright/codecs/m4v_h263/dec/SoftMPEG4.cpp
|
|
index fda70280a7..b78ac4325a 100644
|
|
--- a/media/libstagefright/codecs/m4v_h263/dec/SoftMPEG4.cpp
|
|
+++ b/media/libstagefright/codecs/m4v_h263/dec/SoftMPEG4.cpp
|
|
@@ -308,8 +308,11 @@ void SoftMPEG4::onQueueFilled(OMX_U32 /* portIndex */) {
|
|
outHeader->nFilledLen = frameSize;
|
|
|
|
List<BufferInfo *>::iterator it = outQueue.begin();
|
|
- while ((*it)->mHeader != outHeader) {
|
|
- ++it;
|
|
+ while (it != outQueue.end() && (*it)->mHeader != outHeader) {
|
|
+ ++it;
|
|
+ }
|
|
+ if (it == outQueue.end()) {
|
|
+ return;
|
|
}
|
|
|
|
BufferInfo *outInfo = *it;
|