Handle overflow in android::HeifDataSource::readAt

Bug: 73782357 Change-Id: I03a5b4c5ddaf2664f342973da7f1a79f29cd7be5
6 years ago · 237f9034c6
parent 4d4c461237
commit 237f9034c6
1 changed files with 5 additions and 0 deletions
--- a/media/libheif/HeifDecoderImpl.cpp
+++ b/media/libheif/HeifDecoderImpl.cpp
@ -139,6 +139,11 @@ ssize_t HeifDataSource::readAt(off64_t offset, size_t size) {
    // have been caught above.
    CHECK(offset >= mCachedOffset);

+    off64_t resultOffset;
+    if (__builtin_add_overflow(offset, size, &resultOffset)) {
+        return ERROR_IO;
+    }
+
    if (size == 0) {
        return 0;
    }