HEVC溢出bug
来源:互联网 发布:win10 连接网络打印机 编辑:程序博客网 时间:2024/06/03 18:25
https://android.googlesource.com/platform/frameworks/av/+/119a012b2a9a186655da4bef3ed4ed8dd9b94c26%5E%21/
android / platform / frameworks / av / 119a012b2a9a186655da4bef3ed4ed8dd9b94c26^! / .
stagefright: fix possible stack overflow in AVCC reassembleAdditionally, remove use of variable length array which isnon-standard in C++.Bug: 29161888Change-Id: Ifdc3e7435f2225214c053b13f3bfe71c7d0ff506
diff --git a/media/libstagefright/Utils.cpp b/media/libstagefright/Utils.cppindex 4303d09..8a0009c 100644--- a/media/libstagefright/Utils.cpp+++ b/media/libstagefright/Utils.cpp
@@ -22,6 +22,7 @@ #include <sys/stat.h> #include <utility>+#include <vector> #include "include/ESDS.h" #include "include/HevcUtils.h"@@ -1377,24 +1378,24 @@ // reassemble the csd data into its original form sp<ABuffer> csd0, csd1, csd2; if (msg->findBuffer("csd-0", &csd0)) {+ int csd0size = csd0->size(); if (mime == MEDIA_MIMETYPE_VIDEO_AVC) { sp<ABuffer> csd1; if (msg->findBuffer("csd-1", &csd1)) {- char avcc[1024]; // that oughta be enough, right?- size_t outsize = reassembleAVCC(csd0, csd1, avcc);- meta->setData(kKeyAVCC, kKeyAVCC, avcc, outsize);+ std::vector<char> avcc(csd0size + csd1->size() + 1024);+ size_t outsize = reassembleAVCC(csd0, csd1, avcc.data());+ meta->setData(kKeyAVCC, kKeyAVCC, avcc.data(), outsize); } } else if (mime == MEDIA_MIMETYPE_AUDIO_AAC || mime == MEDIA_MIMETYPE_VIDEO_MPEG4) {- int csd0size = csd0->size();- char esds[csd0size + 31];+ std::vector<char> esds(csd0size + 31); // The written ESDS is actually for an audio stream, but it's enough // for transporting the CSD to muxers.- reassembleESDS(csd0, esds);- meta->setData(kKeyESDS, kKeyESDS, esds, sizeof(esds));+ reassembleESDS(csd0, esds.data());+ meta->setData(kKeyESDS, kKeyESDS, esds.data(), esds.size()); } else if (mime == MEDIA_MIMETYPE_VIDEO_HEVC) {- uint8_t hvcc[1024]; // that oughta be enough, right?- size_t outsize = reassembleHVCC(csd0, hvcc, 1024, 4);- meta->setData(kKeyHVCC, kKeyHVCC, hvcc, outsize);+ std::vector<uint8_t> hvcc(csd0size + 1024);+ size_t outsize = reassembleHVCC(csd0, hvcc.data(), hvcc.size(), 4);+ meta->setData(kKeyHVCC, kKeyHVCC, hvcc.data(), outsize); } else if (mime == MEDIA_MIMETYPE_VIDEO_VP9) { meta->setData(kKeyVp9CodecPrivate, 0, csd0->data(), csd0->size()); } else if (mime == MEDIA_MIMETYPE_AUDIO_OPUS) {
0 0
- HEVC溢出bug
- IE6文字溢出BUG
- IE6文字溢出bug解决办法
- IE6文字溢出Bug:多出一只猪
- 一个栈溢出的BUG
- ulua整数溢出的BUG
- hevc
- HEVC
- HEVC
- HEVC
- HEVC
- 缓冲区溢出引起奇怪的bug
- 文本溢出显示省略标记'...'的bug
- Firefox奇怪的文字溢出bug,百思不得其解
- 内存溢出bug的修复方法
- IE6下的文字溢出BUG
- [bug]weblogic编译时内存溢出
- Storm netty client溢出的bug分析
- 多种方式查看网站的cookie
- 【LeetCode】binary-tree-postorder-traversal
- 2017年4月17日工作日记
- undefined reference to Mat_VarCreate'
- SuperMap GIS服务加速解决方案
- HEVC溢出bug
- C# winform DevExpress上传图片
- 【LeetCode】 142. Linked List Cycle II C语言
- 图像熵
- java问题总结
- MVVM模式
- iOS
- android新特性:RecyclerView与CardView配合使用
- 【BZOJ 1853】【SCOI 2010】幸运数字