-
Dan Sanders authored
Before this change, BoxReader could read syntax elements outside of a box in cases where the MP4 was invalid. This isn't a security concern, since the reads were still bounded by the buffer size, but it did make it hard to interpret the later failures. This CL shrinks |buf_size_| to match |box_size_| when the box size is read. OOB reads will now result in Parse failures immediately. Bug: 779321 Change-Id: I54be6ba3815d1502233b5e95d099ce9d9a54b3cc Reviewed-on: https://chromium-review.googlesource.com/747080Reviewed-by:
Chrome Cunningham <chcunningham@chromium.org> Commit-Queue: Dan Sanders <sandersd@chromium.org> Cr-Commit-Position: refs/heads/master@{#513000}
4b28187d
