[vlc-commits] demux: mp4: check for overflows in PeekBoxHeader
Francois Cartegnie
git at videolan.org
Thu Nov 10 11:03:22 CET 2016
vlc/vlc-2.2 | branch: master | Francois Cartegnie <fcvlcdev at free.fr> | Fri Nov 4 19:51:53 2016 +0100| [bfe14f47b1814a364b201a7b6506b21de1cdda58] | committer: Francois Cartegnie
demux: mp4: check for overflows in PeekBoxHeader
refs #17584
cherry-picked from 8466176518508a3268ffe1272d998bcb2340e603
> http://git.videolan.org/gitweb.cgi/vlc/vlc-2.2.git/?a=commit;h=bfe14f47b1814a364b201a7b6506b21de1cdda58
---
modules/demux/mp4/libmp4.c | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/modules/demux/mp4/libmp4.c b/modules/demux/mp4/libmp4.c
index 04469ef..7f992ba 100644
--- a/modules/demux/mp4/libmp4.c
+++ b/modules/demux/mp4/libmp4.c
@@ -105,6 +105,8 @@ int MP4_ReadBoxCommon( stream_t *p_stream, MP4_Box_t *p_box )
if( p_box->i_shortsize == 1 )
{
+ if( i_read < 8 )
+ return 0;
/* get the true size on 64 bits */
MP4_GET8BYTES( p_box->i_size );
}
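Review bot: The new `if( i_read < 8 ) return 0;` guard in the `i_shortsize == 1` branch fails silently, and the value that `MP4_GET8BYTES( p_box->i_size )` then reads is accepted with no lower bound in these lines. Suggest logging the truncated header at warning level before returning, so malformed files can be diagnosed. Suggest also rejecting a 64-bit size smaller than the header it was read from, so that a box cannot be declared to end inside its own header.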
@@ -114,8 +116,13 @@ int MP4_ReadBoxCommon( stream_t *p_stream, MP4_Box_t *p_box )
/* XXX size of 0 means that the box extends to end of file */
}
- if( p_box->i_type == ATOM_uuid && i_read >= 16 )
+ if( UINT64_MAX - p_box->i_size < p_box->i_pos )
+ return 0;
+
+ if( p_box->i_type == ATOM_uuid )
{
+ if( i_read < 16 )
+ return 0;
/* get extented type on 16 bytes */
GetUUID( &p_box->i_uuid, p_peek );
}
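Review bot: The wrap check `UINT64_MAX - p_box->i_size < p_box->i_pos` is only sound if both `i_size` and `i_pos` are unsigned 64-bit, so that should be confirmed or made explicit with a comment or cast. It also rules out wraparound only: a box whose end lands just under UINT64_MAX still passes, so if any consumer holds these offsets in a signed 64-bit type, the bound should be INT64_MAX instead. Separately, the uuid branch now returns 0 when `i_read < 16`, where the old combined condition skipped `GetUUID` and carried on. That behaviour change deserves a line in the commit message.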