Handle overflow in android::HeifDataSource::readAt
Bug: 73782357
Change-Id: I03a5b4c5ddaf2664f342973da7f1a79f29cd7be5
(cherry picked from commit 237f9034c6cbe5cbafb0cd4c862d9dddfbdf7389)
diff --git a/media/libheif/HeifDecoderImpl.cpp b/media/libheif/HeifDecoderImpl.cpp
index 175d458..57209e2 100644
--- a/media/libheif/HeifDecoderImpl.cpp
+++ b/media/libheif/HeifDecoderImpl.cpp
@@ -139,6 +139,11 @@
// have been caught above.
CHECK(offset >= mCachedOffset);
+ off64_t resultOffset;
+ if (__builtin_add_overflow(offset, size, &resultOffset)) {
+ return ERROR_IO;
+ }
+
if (size == 0) {
return 0;
}
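Review bot: `resultOffset` is written by the new `__builtin_add_overflow(offset, size, &resultOffset)` check but never read in the lines shown, so any later `offset + size` arithmetic is tied to this guard only by convention. The body of `readAt` continues outside this hunk; if it still computes `offset + size` directly, those expressions should use `resultOffset`, so that a future edit which changes `size` or `offset` in between cannot silently reintroduce the wrap. If the variable is meant purely as a sink for the builtin, a comment above the check would make that clear, for example `// Reject requests whose end position (offset + size) does not fit in off64_t; the range checks below assume this sum cannot wrap.` The check runs before the `size == 0` early return, so it validates the caller-supplied values as received, which looks intentional but is worth stating in that comment.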