From bc69509aba5afacaeb0e2ac5114f5a7c155f352a Mon Sep 17 00:00:00 2001 From: christosts Date: Mon, 26 Apr 2021 13:03:47 +0100 Subject: [PATCH] CronetDataSource: fix overflow bug There is a bug when CronetDataSource opens an asset with a length bigger that Integer.MAX_INT (2147483647 bytes, ~2GB). In read(), `bytesRemaining` is cast to int, which overflows and evaluates to a negative number, causing `bytesRead` to be negative too. PiperOrigin-RevId: 370434368
---
 .../exoplayer2/ext/cronet/CronetDataSource.java | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)
diff --git a/extensions/cronet/src/main/java/com/google/android/exoplayer2/ext/cronet/CronetDataSource.java b/extensions/cronet/src/main/java/com/google/android/exoplayer2/ext/cronet/CronetDataSource.java
index 178b7c03cf..9b73387fc1 100644
--- a/extensions/cronet/src/main/java/com/google/android/exoplayer2/ext/cronet/CronetDataSource.java
+++ b/extensions/cronet/src/main/java/com/google/android/exoplayer2/ext/cronet/CronetDataSource.java
@@ -38,7 +38,7 @@ import com.google.android.exoplayer2.util.Util;
 import com.google.common.base.Ascii;
 import com.google.common.base.Predicate;
 import com.google.common.net.HttpHeaders;
-import com.google.common.primitives.Ints;
+import com.google.common.primitives.Longs;
 import java.io.IOException;
 import java.io.InterruptedIOException;
 import java.net.SocketTimeoutException;
@@ -676,10 +676,11 @@ public class CronetDataSource extends BaseDataSource implements HttpDataSource {
 // Ensure we read up to bytesRemaining, in case this was a Range request with finite end, but
 // the server does not support Range requests and transmitted the entire resource.
 int bytesRead =
- Ints.min(
- bytesRemaining != C.LENGTH_UNSET ? (int) bytesRemaining : Integer.MAX_VALUE,
- readBuffer.remaining(),
- readLength);
+ (int)
+ Longs.min(
+ bytesRemaining != C.LENGTH_UNSET ? bytesRemaining : Long.MAX_VALUE,
+ readBuffer.remaining(),
+ readLength);
 readBuffer.get(buffer, offset, bytesRead);
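Review bot: The `(int)` cast on the `Longs.min(...)` result is lossless only because two of its three arguments, `readBuffer.remaining()` and `readLength`, are ints, and nothing at the cast says so. A one-line comment above it, such as `// Cast is lossless: the minimum is bounded by the int-valued readBuffer.remaining() and readLength.`, would keep a later refactor from reintroducing the truncation this commit removes. The diffstat lists only CronetDataSource.java, so a regression test that opens a resource longer than Integer.MAX_VALUE bytes appears to be missing; the length presumably comes from server response headers, which makes this path reachable from remote input and worth pinning. The enclosing read() method starts and ends outside the hunk, so whether a negative `bytesRemaining` other than `C.LENGTH_UNSET` is ruled out before this line cannot be confirmed from here.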