[vlc-commits] demux: mp4: fix crashes with VPx

Tristan Matthews git at videolan.org
Thu Sep 22 13:49:18 CEST 2016 

vlc | branch: master | Tristan Matthews <tmatth at videolan.org> | Thu Sep 22 07:36:28 2016 -0400| [32fbf6849dc7600701b9d8156b3df07d5c172a78] | committer: Francois Cartegnie

demux: mp4: fix crashes with VPx

Reported by Vittorio Giovara.

Signed-off-by: Francois Cartegnie <fcvlcdev at free.fr>

> http://git.videolan.org/gitweb.cgi/vlc.git/?a=commit;h=32fbf6849dc7600701b9d8156b3df07d5c172a78
---

 modules/demux/mp4/essetup.c | 12 ++++++++++--
 modules/demux/mp4/libmp4.c  |  9 ++++++++-
 2 files changed, 18 insertions(+), 3 deletions(-)

diff --git a/modules/demux/mp4/essetup.c b/modules/demux/mp4/essetup.c
index 446bf84..efd4b55 100644
--- a/modules/demux/mp4/essetup.c
+++ b/modules/demux/mp4/essetup.c
@@ -600,8 +600,16 @@ int SetupVideoES( demux_t *p_demux, mp4_track_t *p_track, MP4_Box_t *p_sample )
                 p_track->fmt.video.b_color_range_full = p_data->i_fullrange;
                 p_track->fmt.video.i_bits_per_pixel = p_data->i_bit_depth;
 
-                p_track->fmt.i_extra = p_data->i_codec_init_datasize;
-                memcpy( p_track->fmt.p_extra, p_data->p_codec_init_data, p_data->i_codec_init_datasize );
+                if( p_data->i_codec_init_datasize )
+                {
+                    p_track->fmt.p_extra = malloc( p_data->i_codec_init_datasize );
+                    if( p_track->fmt.p_extra )
+                    {
+                        p_track->fmt.i_extra = p_data->i_codec_init_datasize;
+                        memcpy( p_track->fmt.p_extra, p_data->p_codec_init_data,
+                                p_data->i_codec_init_datasize );
+                    }
+                }
             }
         }
 
diff --git a/modules/demux/mp4/libmp4.c b/modules/demux/mp4/libmp4.c
index 6a36b7f..809381c 100644
--- a/modules/demux/mp4/libmp4.c
+++ b/modules/demux/mp4/libmp4.c
@@ -1650,7 +1650,14 @@ static int MP4_ReadBox_vpcC( stream_t *p_stream, MP4_Box_t *p_box )
     MP4_GET2BYTES( p_vpcC->i_codec_init_datasize );
     if( p_vpcC->i_codec_init_datasize > i_read )
         p_vpcC->i_codec_init_datasize = i_read;
-    memcpy( p_vpcC->p_codec_init_data, p_peek, i_read );
+
+    if( p_vpcC->i_codec_init_datasize )
+    {
+        p_vpcC->p_codec_init_data = malloc( i_read );
+        if( !p_vpcC->p_codec_init_data )
+            MP4_READBOX_EXIT( 0 );
+        memcpy( p_vpcC->p_codec_init_data, p_peek, i_read );
+    }
 
     MP4_READBOX_EXIT( 1 );
 }

More information about the vlc-commits mailing list