gecko: changeset 587595:37110e0f68ded4885a75497a483a634155f5bf80

author	Jean-Yves Avenard <jyavenard@mozilla.com>
	Thu, 01 Jun 2017 13:37:35 +0200
changeset 587595	37110e0f68ded4885a75497a483a634155f5bf80
parent 587594	e142347b3db5fb9264f72e7e2c8677ce548b1e90
child 587663	cfe5dcdaa5ae95f4dcbdd9be7a94ba87dccd7ecf
push id	61767
push user	bmo:jyavenard@mozilla.com
push date	Thu, 01 Jun 2017 11:46:49 +0000
reviewers	gerald
bugs	1313398
milestone	55.0a1

--- a/media/libstagefright/binding/AnnexB.cpp
+++ b/media/libstagefright/binding/AnnexB.cpp
@@ -283,17 +283,30 @@ AnnexB::ExtractExtraData(const mozilla::
   ByteWriter spsw(sps);
   int numSps = 0;
   // PPS content
   mozilla::Vector<uint8_t> pps;
   ByteWriter ppsw(pps);
   int numPps = 0;
 
   int nalLenSize = ((*aSample->mExtraData)[4] & 3) + 1;
-  ByteReader reader(aSample->Data(), aSample->Size());
+
+  size_t sampleSize = aSample->Size();
+  if (aSample->mCrypto.mValid) {
+    // The content is encrypted, we can only parse the non-encrypted data.
+    MOZ_ASSERT(aSample->mCrypto.mPlainSizes.Length() > 0);
+    if (aSample->mCrypto.mPlainSizes.Length() == 0 ||
+        aSample->mCrypto.mPlainSizes[0] > sampleSize) {
+      // This is invalid content.
+      return nullptr;
+    }
+    sampleSize = aSample->mCrypto.mPlainSizes[0];
+  }
+
+  ByteReader reader(aSample->Data(), sampleSize);
 
   // Find SPS and PPS NALUs in AVCC data
   while (reader.Remaining() > nalLenSize) {
     uint32_t nalLen;
     switch (nalLenSize) {
       case 1: nalLen = reader.ReadU8();  break;
       case 2: nalLen = reader.ReadU16(); break;
       case 3: nalLen = reader.ReadU24(); break;