Bug 1254731: P1. Check for overflow and that conversion succeeded. r=gerald a=lizzard
authorJean-Yves Avenard <jyavenard@mozilla.com>
Fri, 11 Mar 2016 23:45:17 +1100
changeset 323817 5dc679605d0b2397af99f4d072b71607721c41bc
parent 323816 71f5a85ac2b38dbe441b2e894bea002cf9f902bd
child 323818 9a085dffa2eab4094761233eb62655753822e23b
push id5913
push userjlund@mozilla.com
push dateMon, 25 Apr 2016 16:57:49 +0000
treeherdermozilla-beta@dcaf0a6fa115 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersgerald, lizzard
bugs1254731
milestone47.0a2
Bug 1254731: P1. Check for overflow and that conversion succeeded. r=gerald a=lizzard MozReview-Commit-ID: Cs33P9QyP2V
media/libstagefright/frameworks/av/media/libstagefright/MPEG4Extractor.cpp
--- a/media/libstagefright/frameworks/av/media/libstagefright/MPEG4Extractor.cpp
+++ b/media/libstagefright/frameworks/av/media/libstagefright/MPEG4Extractor.cpp
@@ -34,16 +34,18 @@
 #include <media/stagefright/foundation/ADebug.h>
 #include <media/stagefright/foundation/AMessage.h>
 #include <media/stagefright/MediaBuffer.h>
 #include <media/stagefright/MediaDefs.h>
 #include <media/stagefright/MediaSource.h>
 #include <media/stagefright/MetaData.h>
 #include <utils/String8.h>
 
+#include <limits>
+
 static const uint32_t kMAX_ALLOCATION =
     (SIZE_MAX < INT32_MAX ? SIZE_MAX : INT32_MAX) - 128;
 
 namespace stagefright {
 
 class MPEG4Source : public MediaSource {
 public:
     MPEG4Source(const sp<MetaData> &format,
@@ -624,23 +626,34 @@ static bool underMetaDataPath(const nsTA
 }
 
 // Given a time in seconds since Jan 1 1904, produce a human-readable string.
 static bool convertTimeToDate(int64_t time_1904, String8 *s) {
     if (!s) {
         return false;
     }
 
-    time_t time_1970 = time_1904 - (((66 * 365 + 17) * 24) * 3600);
+    int64_t time_1970 = time_1904 - (((66 * 365 + 17) * 24) * 3600);
     if (time_1970 < 0) {
         return false;
     }
+    if (time_1970 >= std::numeric_limits<time_t>::max()) {
+        return false;
+    }
+    time_t time_checked = time_1970;
+
+    struct tm* time_gm = gmtime(&time_checked);
+    if (!time_gm) {
+        return false;
+    }
 
     char tmp[32];
-    strftime(tmp, sizeof(tmp), "%Y%m%dT%H%M%S.000Z", gmtime(&time_1970));
+    if (!strftime(tmp, sizeof(tmp), "%Y%m%dT%H%M%S.000Z", time_gm)) {
+        return false;
+    }
 
     s->setTo(tmp);
     return true;
 }
 
 static bool ValidInputSize(int32_t size) {
   // Reject compressed samples larger than an uncompressed UHD
   // frame. This is a reasonable cut-off for a lossy codec,