[datatype-dev] CR: ou1cimx1#461871: “Photos /Camera- While opening a corrupt MMC from photos/ camera device hangs
ext-debashis.2.panigrahi at nokia.com

"Nokia submits this code under the terms of a commercial contribution agreement with Real Networks, and I am authorized to contribute this code under said agreement."

Modified by: ext-debashis.2.panigrahi at nokia.com
Reviewed by: girish.shetty at nokia.com
RC Id: ou1cimx1#461871
Date: 01/04/2011
Project: SymbianMmf_wm
Synopsis: Photos /Camera- While opening a corrupt MMC from photos/ camera device hangs

Overview: The content file is broken therefore file parser is not able to seek/ find next cluster after approximately 18 seconds of playback. Hence a hang is observed as the counter gets stuck in the loop for getting next element, which is un-available. This also leads to constant memory consumption and fragmentation, as constantly audio packets (in this case) are being created.

Fix: Exiting out of the function if 'ReadIndex' is more than 16, which means a valid cluster is not present. This fix will just prevent the hang and un-necessary memory consumption for this file, the file still cannot be played after 18secs. Also changing the type of 'ReadSize' to unsigned integer 64 bit for better comparison as 'MaxDataSize' is a 64 bit integer, and it's impossible for a 32 bit integer to exceed a 64 bit one.

Files modified & changes: xiph/matroskalib/libebml/src/EbmlElement.cpp
Image Size and Heap Use impact: No major impact
Module Release testing (STIF) : Passed
Test case(s) Added : No
Memory leak check performed : Passed, No additional leaks introduced.
Platforms and Profiles Build Verified: helix-client-s60-52-mmf-mdf-dsp Platforms and Profiles Functionality verified: armv5, winscw Branch: 210CayS, 420Brizo and HEAD CVS Diff on 210CayS: Index: EbmlElement.cpp =================================================================== RCS file: /cvsroot/xiph/matroskalib/libebml/src/EbmlElement.cpp,v retrieving revision 1.1.1.1.2.1 diff -u -w -r1.1.1.1.2.1 EbmlElement.cpp --- EbmlElement.cpp 19 Mar 2010 19:25:34 -0000 1.1.1.1.2.1 +++ EbmlElement.cpp 2 Feb 2011 09:21:07 -0000 @@ -338,7 +338,7 @@ int PossibleSizeLength; uint64 SizeUnknown; int ReadIndex = 0; // trick for the algo, start index at 0 - uint32 ReadSize = 0; + uint64 ReadSize = 0; uint64 SizeFound; int SizeIdx; bool bFound; @@ -348,6 +348,10 @@ // read a potential ID do { assert(ReadIndex < 16); + if (ReadIndex >= 16) + { + return NULL; + } // build the ID with the current Read Buffer bFound = false; binary IdBitMask = 1 << 7; @@ -367,7 +371,7 @@ if (ReadIndex >= 4) { // ID not found // shift left the read octets - memmove(&PossibleIdNSize[0],&PossibleIdNSize[1], --ReadIndex); + memmove(&PossibleIdNSize[0],&PossibleIdNSize[1], --SizeIdx); } if (DataStream.read(&PossibleIdNSize[ReadIndex++], 1) == 0) {)
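Review bot: In the first hunk (@@ -338,7 +338,7 @@), 'uint64 ReadSize = 0;' is widened with no comment saying why, and the neighbouring 'int SizeIdx;' is still declared without an initializer. Add a one-line comment that ReadSize is 64-bit because it is compared against the 64-bit 'MaxDataSize' named in the description, check that no other use of ReadSize in this function narrows it back to 32 bits, and give SizeIdx an initial value at its declaration.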
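Review bot: In the second hunk (@@ -348,6 +348,10 @@), the new 'if (ReadIndex >= 16)' check sits after 'assert(ReadIndex < 16);', so a build with assertions enabled aborts on the corrupt file before 'return NULL;' is ever reached. The condition is driven by file content, so it should not be an assert at all: drop the assert or move the check ahead of it. The literal 16 should also be derived from the size of 'PossibleIdNSize' so the bound cannot drift from the buffer it protects, and the callers need to tolerate the new NULL return, which this diff does not show.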
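Review bot: In the third hunk (@@ -367,7 +371,7 @@), replacing '--ReadIndex' with '--SizeIdx' as the memmove length looks wrong and is not mentioned in the description. 'SizeIdx' is declared as 'int SizeIdx;' with no initializer and nothing in the visible lines assigns it before this point, so the length passed to memmove is indeterminate, and a negative value converts to a very large size_t. The original '--ReadIndex' also stepped the write index back so that the following 'DataStream.read(&PossibleIdNSize[ReadIndex++], 1)' refilled the slot freed by the shift; with this change ReadIndex only grows, and the index into 'PossibleIdNSize' advances on every pass instead of staying within the 4-byte ID window. Please restore '--ReadIndex' here, or explain the intent and initialize SizeIdx.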