[vlc-commits] mp4a packetizer: fix buffer overflow

Sat Aug 24 22:10:52 CEST 2013

vlc | branch: master | Rafaël Carré <funman at videolan.org> | Sat Aug 24 22:10:31 2013 +0200| [9794ec1cd268c04c8bca13a5fae15df6594dff3e] | committer: Rafaël Carré

mp4a packetizer: fix buffer overflow

> http://git.videolan.org/gitweb.cgi/vlc.git/?a=commit;h=9794ec1cd268c04c8bca13a5fae15df6594dff3e
---

 modules/packetizer/mpeg4audio.c |    5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/modules/packetizer/mpeg4audio.c b/modules/packetizer/mpeg4audio.c
index aaad221..c951295 100644
--- a/modules/packetizer/mpeg4audio.c
+++ b/modules/packetizer/mpeg4audio.c
@@ -804,8 +804,11 @@ static int LOASParse(decoder_t *p_dec, uint8_t *p_buffer, int i_buffer)
                         continue;
 
                     /* FIXME that's slow (and a bit ugly to write in place) */
-                    for (int i = 0; i < pi_payload[i_program][i_layer]; i++)
+                    for (int i = 0; i < pi_payload[i_program][i_layer]; i++) {
+                        if (i_accumulated >= i_buffer)
+                            return 0;
                         p_buffer[i_accumulated++] = bs_read(&s, 8);
+                    }
                 }
             }
         } else {

