[vlc-commits] demux: mp4: have ReadBox check final size
Francois Cartegnie
git at videolan.org
Tue May 5 21:57:08 CEST 2015
vlc/vlc-2.2 | branch: master | Francois Cartegnie <fcvlcdev at free.fr> | Tue May 5 18:53:59 2015 +0200| [d69f7fdb349e24e8cea9235815cbc56b36398686] | committer: Jean-Baptiste Kempf
demux: mp4: have ReadBox check final size
(cherry picked from commit cadfe695b4c138aa8708dc7c8cc5ecbdad77696c)
Signed-off-by: Jean-Baptiste Kempf <jb at videolan.org>
> http://git.videolan.org/gitweb.cgi/vlc/vlc-2.2.git/?a=commit;h=d69f7fdb349e24e8cea9235815cbc56b36398686
---
modules/demux/mp4/libmp4.c | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/modules/demux/mp4/libmp4.c b/modules/demux/mp4/libmp4.c
index 3912e7e..331262b 100644
--- a/modules/demux/mp4/libmp4.c
+++ b/modules/demux/mp4/libmp4.c
@@ -3576,6 +3576,15 @@ static MP4_Box_t *MP4_ReadBox( stream_t *p_stream, MP4_Box_t *p_father )
free( p_box );
return NULL;
}
+
+ if( p_father && p_father->i_size > 0 &&
+ p_father->i_pos + p_father->i_size < p_box->i_pos + p_box->i_size )
+ {
+ msg_Dbg( p_stream, "out of bound child" );
+ free( p_box );
+ return NULL;
+ }
+
if( !p_box->i_size )
{
msg_Dbg( p_stream, "found an empty box (null size)" );
More information about the vlc-commits
mailing list