media/gpu/v4l2/v4l2_video_decoder_backend_stateful.cc · 05cdfc3610534e3430f9934b6b99ca6739d5ffa5 · eriksson monteiro / tangled

media/gpu/v4l2vd: check that crop is smaller than buffer · 05cdfc36

David Stevens authored Nov 26, 2020

Check that the visible size of a decoded buffer is smaller than the
coded size. Returning an error here prevents a later crash due to
VideoFrame::IsValidConfig failing.

Bug: b:170727869
Test: android.security.cts.StagefrightTest#testStagefright_cve_2016_2454 on trogdor
Change-Id: I2df5fcb345b925bca9804b5898b15d02df64ce4f
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2551854Reviewed-by: Alexandre Courbot <acourbot@chromium.org>
Reviewed-by: Chih-Yu Huang <akahuang@chromium.org>
Commit-Queue: David Stevens <stevensd@chromium.org>
Cr-Commit-Position: refs/heads/master@{#831239}

05cdfc36

v4l2_video_decoder_backend_stateful.cc 20.2 KB

Replace v4l2_video_decoder_backend_stateful.cc