[vlc-commits] demux: mp4: esds heap buffer ofw (fix #17856)
Francois Cartegnie
git at videolan.org
Mon Oct 31 21:22:34 CET 2016
vlc/vlc-2.2 | branch: master | Francois Cartegnie <fcvlcdev at free.fr> | Mon Oct 31 21:11:05 2016 +0100| [52559dbed8c3518bd1d39458d3fa286744eab6b0] | committer: Francois Cartegnie
demux: mp4: esds heap buffer ofw (fix #17856)
cherry-picked from d3e233c59fdbc7511e22a966a5cfebcde7dc9ba9
> http://git.videolan.org/gitweb.cgi/vlc/vlc-2.2.git/?a=commit;h=52559dbed8c3518bd1d39458d3fa286744eab6b0
---
modules/demux/mp4/libmp4.c | 19 ++++++++++---------
1 file changed, 10 insertions(+), 9 deletions(-)
diff --git a/modules/demux/mp4/libmp4.c b/modules/demux/mp4/libmp4.c
index d05abe6..3873879 100644
--- a/modules/demux/mp4/libmp4.c
+++ b/modules/demux/mp4/libmp4.c
@@ -1230,20 +1230,21 @@ static int MP4_ReadBox_esds( stream_t *p_stream, MP4_Box_t *p_box )
{
MP4_GET2BYTES( es_descriptor.i_depend_on_ES_ID );
}
- if( es_descriptor.b_url )
+ if( es_descriptor.b_url && i_read > 0 )
{
- unsigned int i_len;
+ uint8_t i_url;
- MP4_GET1BYTE( i_len );
- i_len = __MIN(i_read, i_len);
- es_descriptor.psz_URL = malloc( i_len + 1 );
+ MP4_GET1BYTE( i_url );
+ if( i_url > i_read )
+ MP4_READBOX_EXIT( 1 );
+ es_descriptor.psz_URL = malloc( (unsigned) i_url + 1 );
if( es_descriptor.psz_URL )
{
- memcpy( es_descriptor.psz_URL, p_peek, i_len );
- es_descriptor.psz_URL[i_len] = 0;
+ memcpy( es_descriptor.psz_URL, p_peek, i_url );
+ es_descriptor.psz_URL[i_url] = 0;
}
- p_peek += i_len;
- i_read -= i_len;
+ p_peek += i_url;
+ i_read -= i_url;
}
else
{
More information about the vlc-commits
mailing list