[vlc-commits] mp4a packetizer: fix buffer overflow

Sun Aug 25 23:58:16 CEST 2013

vlc/vlc-2.0 | branch: master | Rafaël Carré <funman at videolan.org> | Sat Aug 24 22:10:31 2013 +0200| [3935f5432ddda07d8a6826f3c67f664e95a8fe67] | committer: Jean-Baptiste Kempf

mp4a packetizer: fix buffer overflow

(cherry picked from commit 9794ec1cd268c04c8bca13a5fae15df6594dff3e)
Signed-off-by: Jean-Baptiste Kempf <jb at videolan.org>

Conflicts:
	modules/packetizer/mpeg4audio.c

> http://git.videolan.org/gitweb.cgi/vlc/vlc-2.0.git/?a=commit;h=3935f5432ddda07d8a6826f3c67f664e95a8fe67
---

 modules/packetizer/mpeg4audio.c |    8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/modules/packetizer/mpeg4audio.c b/modules/packetizer/mpeg4audio.c
index 5cbc01f..79caae9 100644
--- a/modules/packetizer/mpeg4audio.c
+++ b/modules/packetizer/mpeg4audio.c
@@ -881,7 +881,6 @@ static int LOASParse( decoder_t *p_dec, uint8_t *p_buffer, int i_buffer )
             for( i_program = 0; i_program < p_sys->latm.i_programs; i_program++ )
             {
                 int i_layer;
-                int i;
                 for( i_layer = 0; i_layer < p_sys->latm.pi_layers[i_program]; i_layer++ )
                 {
                     /* XXX we only extract 1 stream */
@@ -892,8 +891,11 @@ static int LOASParse( decoder_t *p_dec, uint8_t *p_buffer, int i_buffer )
                         continue;
 
                     /* FIXME that's slow (and a bit ugly to write in place) */
-                    for( i = 0; i < pi_payload[i_program][i_layer]; i++ )
-                        p_buffer[i_accumulated++] = bs_read( &s, 8 );
+                    for (int i = 0; i < pi_payload[i_program][i_layer]; i++) {
+                        if (i_accumulated >= i_buffer)
+                            return 0;
+                        p_buffer[i_accumulated++] = bs_read(&s, 8);
+                    }
                 }
             }
         }

