[vlc-commits] demux: mp4: have ReadBox check final size
Francois Cartegnie
git at videolan.org
Tue May 5 20:36:03 CEST 2015
vlc | branch: master | Francois Cartegnie <fcvlcdev at free.fr> | Tue May 5 18:53:59 2015 +0200| [cadfe695b4c138aa8708dc7c8cc5ecbdad77696c] | committer: Francois Cartegnie
demux: mp4: have ReadBox check final size
> http://git.videolan.org/gitweb.cgi/vlc.git/?a=commit;h=cadfe695b4c138aa8708dc7c8cc5ecbdad77696c
---
modules/demux/mp4/libmp4.c | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/modules/demux/mp4/libmp4.c b/modules/demux/mp4/libmp4.c
index 849d613..29835ee 100644
--- a/modules/demux/mp4/libmp4.c
+++ b/modules/demux/mp4/libmp4.c
@@ -3981,6 +3981,15 @@ static MP4_Box_t *MP4_ReadBox( stream_t *p_stream, MP4_Box_t *p_father )
free( p_box );
return NULL;
}
+
+ if( p_father && p_father->i_size > 0 &&
+ p_father->i_pos + p_father->i_size < p_box->i_pos + p_box->i_size )
+ {
+ msg_Dbg( p_stream, "out of bound child" );
+ free( p_box );
+ return NULL;
+ }
+
if( !p_box->i_size )
{
msg_Dbg( p_stream, "found an empty box (null size)" );
More information about the vlc-commits
mailing list