[vlc-commits] demux: mp4: check for overflows in PeekBoxHeader
Francois Cartegnie
git at videolan.org
Fri Nov 4 19:54:00 CET 2016
vlc | branch: master | Francois Cartegnie <fcvlcdev at free.fr> | Fri Nov 4 19:51:53 2016 +0100| [54c152537b859adae7c8a9cee5bebae80622c06d] | committer: Francois Cartegnie
demux: mp4: check for overflows in PeekBoxHeader
refs #17584
> http://git.videolan.org/gitweb.cgi/vlc.git/?a=commit;h=54c152537b859adae7c8a9cee5bebae80622c06d
---
modules/demux/mp4/libmp4.c | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/modules/demux/mp4/libmp4.c b/modules/demux/mp4/libmp4.c
index e16a795..dd6adf8 100644
--- a/modules/demux/mp4/libmp4.c
+++ b/modules/demux/mp4/libmp4.c
@@ -169,6 +169,8 @@ static int MP4_PeekBoxHeader( stream_t *p_stream, MP4_Box_t *p_box )
if( p_box->i_shortsize == 1 )
{
+ if( i_read < 16 )
+ return 0;
/* get the true size on 64 bits */
MP4_GET8BYTES( p_box->i_size );
}
@@ -178,8 +180,13 @@ static int MP4_PeekBoxHeader( stream_t *p_stream, MP4_Box_t *p_box )
/* XXX size of 0 means that the box extends to end of file */
}
- if( p_box->i_type == ATOM_uuid && i_read >= 16 )
+ if( UINT64_MAX - p_box->i_size < p_box->i_pos )
+ return 0;
+
+ if( p_box->i_type == ATOM_uuid )
{
+ if( i_read < 16 )
+ return 0;
/* get extented type on 16 bytes */
GetUUID( &p_box->i_uuid, p_peek );
}
More information about the vlc-commits
mailing list