[FFmpeg-cvslog] mpegts: Validate the SL Packet Header Configuration
    Luca Barbato 
    git at videolan.org
       
    Tue Jun 21 14:49:13 CEST 2016
    
    
  
ffmpeg | branch: master | Luca Barbato <lu_zero at gentoo.org> | Wed Feb 17 02:16:42 2016 +0100| [74d98d1b0e0e7af444c933ea3c472494de3ce6f2] | committer: Luca Barbato
mpegts: Validate the SL Packet Header Configuration
timeStampLength, OCRLength and AU_Length have well specified upper
boundaries.
Signed-off-by: Luca Barbato <lu_zero at gentoo.org>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=74d98d1b0e0e7af444c933ea3c472494de3ce6f2
---
 libavformat/mpegts.c |    5 +++++
 1 file changed, 5 insertions(+)
diff --git a/libavformat/mpegts.c b/libavformat/mpegts.c
index 4a593cb..740cc14 100644
--- a/libavformat/mpegts.c
+++ b/libavformat/mpegts.c
@@ -1171,6 +1171,11 @@ static int parse_MP4SLDescrTag(MP4DescrParseContext *d, int64_t off, int len)
         descr->sl.degr_prior_len     = lengths >> 12;
         descr->sl.au_seq_num_len     = (lengths >> 7) & 0x1f;
         descr->sl.packet_seq_num_len = (lengths >> 2) & 0x1f;
+        if (descr->sl.timestamp_len >= 64 ||
+            descr->sl.ocr_len >= 64 ||
+            descr->sl.au_len >= 32) {
+            return AVERROR_INVALIDDATA;
+        }
     } else {
         avpriv_report_missing_feature(d->s, "Predefined SLConfigDescriptor");
     }
    
    
More information about the ffmpeg-cvslog
mailing list