Commit 873bcee7 authored by Laurent Aimar's avatar Laurent Aimar

Fixed potential invalid access with too short packetized data.

parent fe82dccc
......@@ -202,7 +202,7 @@ static int Open( vlc_object_t *p_this )
packetizer_Init( &p_sys->packetizer,
p_h264_startcode, sizeof(p_h264_startcode),
p_h264_startcode, 1,
p_h264_startcode, 1, 5,
PacketizeReset, PacketizeParse, PacketizeValidate, p_dec );
p_sys->b_slice = false;
......@@ -520,7 +520,7 @@ static block_t *PacketizeParse( void *p_private, bool *pb_ts_used, block_t *p_bl
decoder_t *p_dec = p_private;
/* Remove trailing 0 bytes */
while( p_block->i_buffer && p_block->p_buffer[p_block->i_buffer-1] == 0x00 )
while( p_block->i_buffer > 5 && p_block->p_buffer[p_block->i_buffer-1] == 0x00 )
p_block->i_buffer--;
return ParseNALBlock( p_dec, pb_ts_used, p_block );
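Review bot: The literal 5 now appears twice in this file with one meaning, as the minimum size passed to packetizer_Init() in Open() and as the floor of the trailing-zero loop in PacketizeParse(), and nothing ties the two together. If the loop floor is ever lowered without the other value, the loop can trim a block below the size the helper checked before ParseNALBlock() runs; what ParseNALBlock() reads at fixed offsets is not visible here. A single file-local constant used in both places, with a comment saying which bytes it accounts for, would make the coupling explicit, e.g. `while( p_block->i_buffer > H264_AU_MIN_SIZE && ... )` (constant name constructed for this note). Both function bodies extend beyond the visible hunks.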
......
......@@ -142,7 +142,7 @@ static int Open( vlc_object_t *p_this )
/* Misc init */
packetizer_Init( &p_sys->packetizer,
p_mp4v_startcode, sizeof(p_mp4v_startcode),
NULL, 0,
NULL, 0, 4,
PacketizeReset, PacketizeParse, PacketizeValidate, p_dec );
p_sys->p_frame = NULL;
......
......@@ -170,7 +170,7 @@ static int Open( vlc_object_t *p_this )
/* Misc init */
packetizer_Init( &p_sys->packetizer,
p_mp2v_startcode, sizeof(p_mp2v_startcode),
NULL, 0,
NULL, 0, 4,
PacketizeReset, PacketizeParse, PacketizeValidate, p_dec );
p_sys->p_seq = NULL;
......@@ -305,7 +305,7 @@ static block_t *PacketizeParse( void *p_private, bool *pb_ts_used, block_t *p_bl
decoder_t *p_dec = p_private;
/* Check if we have a picture start code */
*pb_ts_used = p_block->i_buffer >= 4 && p_block->p_buffer[3] == 0x00;
*pb_ts_used = p_block->p_buffer[3] == 0x00;
return ParseMPEGBlock( p_dec, p_block );
}
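Review bot: `p_block->p_buffer[3]` in PacketizeParse() is now read with no local length check. Assuming the second of the two printed lines is the new side, the `i_buffer >= 4` test was dropped, and the read is in bounds only because Open() passes 4 as the minimum size to packetizer_Init(). That invariant is set in another function and enforced in the helper header, so a later change to that argument would silently bring back an out-of-bounds read. I would record it at the use site, either with a comment such as `/* i_buffer >= 4 is guaranteed by the min size given to packetizer_Init() */` or with `assert( p_block->i_buffer >= 4 );` before the read.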
......
......@@ -49,6 +49,8 @@ typedef struct
int i_au_prepend;
const uint8_t *p_au_prepend;
unsigned i_au_min_size;
void *p_private;
packetizer_reset_t pf_reset;
packetizer_parse_t pf_parse;
......@@ -59,6 +61,7 @@ typedef struct
static inline void packetizer_Init( packetizer_t *p_pack,
const uint8_t *p_startcode, int i_startcode,
const uint8_t *p_au_prepend, int i_au_prepend,
unsigned i_au_min_size,
packetizer_reset_t pf_reset,
packetizer_parse_t pf_parse,
packetizer_validate_t pf_validate,
......@@ -71,6 +74,7 @@ static inline void packetizer_Init( packetizer_t *p_pack,
p_pack->i_au_prepend = i_au_prepend;
p_pack->p_au_prepend = p_au_prepend;
p_pack->i_au_min_size = i_au_min_size;
p_pack->i_startcode = i_startcode;
p_pack->p_startcode = p_startcode;
......@@ -167,11 +171,19 @@ static inline block_t *packetizer_Packetize( packetizer_t *p_pack, block_t **pp_
p_pack->i_offset = 0;
/* Parse the NAL */
p_pic = p_pack->pf_parse( p_pack->p_private, &b_used_ts, p_pic );
if( b_used_ts )
if( p_pic->i_buffer < p_pack->i_au_min_size )
{
block_Release( p_pic );
p_pic = NULL;
}
else
{
p_block_bytestream->i_dts = VLC_TS_INVALID;
p_block_bytestream->i_pts = VLC_TS_INVALID;
p_pic = p_pack->pf_parse( p_pack->p_private, &b_used_ts, p_pic );
if( b_used_ts )
{
p_block_bytestream->i_dts = VLC_TS_INVALID;
p_block_bytestream->i_pts = VLC_TS_INVALID;
}
}
if( !p_pic )
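Review bot: The new `i_au_min_size` field and parameter carry no comment, although the size check placed before `pf_parse` is what the parse callbacks depend on for their fixed-offset reads. The hunk compares the value with `p_pic->i_buffer`, but whether that length includes the `i_au_prepend` bytes is decided outside the visible lines, so a caller cannot tell what to count when choosing 4 or 5. A field comment along the lines of `/* units with p_pic->i_buffer below this are released without calling pf_parse */` would state the contract. In the short-unit branch the block is dropped with no trace and the timestamps on `p_block_bytestream` are left untouched, which is worth confirming as intended. packetizer_Packetize() starts and ends outside the hunk.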
......
......@@ -143,7 +143,7 @@ static int Open( vlc_object_t *p_this )
packetizer_Init( &p_sys->packetizer,
p_vc1_startcode, sizeof(p_vc1_startcode),
NULL, 0,
NULL, 0, 4,
PacketizeReset, PacketizeParse, PacketizeValidate, p_dec );
p_sys->b_sequence_header = false;
......