[vlc-commits] Mp4: fix stsz parsing

[Jean-Baptiste Kempf]

vlc/vlc-1.2 | branch: master | Jean-Baptiste Kempf <jb at videolan.org> | Sun Dec 18 01:57:54 2011 +0100| [764bbec20f694aa9d5590ba477394c08acace8fe] | committer: Jean-Baptiste Kempf

Mp4: fix stsz parsing

Do not malloc 900Mb, for example...

Close #5689
(cherry picked from commit ef466bbdae537748a588bac3eb55bbaa6a989a88)

Signed-off-by: Jean-Baptiste Kempf <jb at videolan.org>

> http://git.videolan.org/gitweb.cgi/vlc/vlc-1.2.git/?a=commit;h=764bbec20f694aa9d5590ba477394c08acace8fe
---

 modules/demux/mp4/libmp4.c |   19 +++++++++----------
 1 files changed, 9 insertions(+), 10 deletions(-)

diff --git a/modules/demux/mp4/libmp4.c b/modules/demux/mp4/libmp4.c
index aa83ac0..5f31c19 100644
--- a/modules/demux/mp4/libmp4.c
+++ b/modules/demux/mp4/libmp4.c
@@ -1705,28 +1705,27 @@ static int MP4_ReadBox_stsd( stream_t *p_stream, MP4_Box_t *p_box )
 
 static int MP4_ReadBox_stsz( stream_t *p_stream, MP4_Box_t *p_box )
 {
-    unsigned int i;
-
     MP4_READBOX_ENTER( MP4_Box_data_stsz_t );
 
     MP4_GETVERSIONFLAGS( p_box->data.p_stsz );
 
     MP4_GET4BYTES( p_box->data.p_stsz->i_sample_size );
-
     MP4_GET4BYTES( p_box->data.p_stsz->i_sample_count );
 
-    p_box->data.p_stsz->i_entry_size =
-        calloc( p_box->data.p_stsz->i_sample_count, sizeof(uint32_t) );
-    if( p_box->data.p_stsz->i_entry_size == NULL )
-        MP4_READBOX_EXIT( 0 );
-
-    if( !p_box->data.p_stsz->i_sample_size )
+    if( p_box->data.p_stsz->i_sample_size == 0 )
     {
-        for( i=0; (i<p_box->data.p_stsz->i_sample_count)&&(i_read >= 4 ); i++ )
+        p_box->data.p_stsz->i_entry_size =
+            calloc( p_box->data.p_stsz->i_sample_count, sizeof(uint32_t) );
+        if( unlikely( !p_box->data.p_stsz->i_entry_size ) )
+            MP4_READBOX_EXIT( 0 );
+
+        for( unsigned int i = 0; (i<p_box->data.p_stsz->i_sample_count)&&(i_read >= 4 ); i++ )
         {
             MP4_GET4BYTES( p_box->data.p_stsz->i_entry_size[i] );
         }
     }
+    else
+        p_box->data.p_stsz->i_entry_size = NULL;
 
 #ifdef MP4_VERBOSE
     msg_Dbg( p_stream, "read box: \"stsz\" sample-size %d sample-count %d",