[vlc-commits] demux: es: fix read overflow

Mon Aug 29 04:10:58 CEST 2016

vlc | branch: master | Francois Cartegnie <fcvlcdev at free.fr> | Mon Aug 29 11:10:18 2016 +0900| [d5b64fda981532f93e86932e23497ef7a01c1a5c] | committer: Francois Cartegnie

demux: es: fix read overflow

> http://git.videolan.org/gitweb.cgi/vlc.git/?a=commit;h=d5b64fda981532f93e86932e23497ef7a01c1a5c
---

 modules/demux/mpeg/es.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/modules/demux/mpeg/es.c b/modules/demux/mpeg/es.c
index b82e610..7728cc5 100644
--- a/modules/demux/mpeg/es.c
+++ b/modules/demux/mpeg/es.c
@@ -924,7 +924,7 @@ static int ID3Parse( demux_t *p_demux )
             uint32_t i_framesize = ID3ReadSize( &p_frame[4], b_syncsafe ) + 10;
             if( i_framesize > i_peek )
                 return VLC_EGENERIC;
-            if( !memcmp(p_frame, "MLLT", 4) && i_framesize > 20 )
+            if( i_framesize > 24 && !memcmp(p_frame, "MLLT", 4) )
             {
                 const uint8_t *p_payload = &p_frame[10];
                 p_sys->mllt.i_frames_btw_refs = GetWBE(p_payload);

