[vlc-commits] demux: stl: fix heap-buffer-overflow
    Shaleen Jain
    git at videolan.org
    Wed Jul  5 09:20:31 CEST 2017

vlc | branch: master | Shaleen Jain <shaleen.jain95 at gmail.com> | Tue Jul  4 18:36:54 2017 +0530| [7033852e1a8292734e1d5800bec864bb5fb24c30] | committer: Thomas Guillem
demux: stl: fix heap-buffer-overflow
According to the spec, calloc can return a NULL or a unique pointer value if
either of the arguments is 0, depending on the implementation. Add a guard to
prevent allocation by returning an error in the above case.
Signed-off-by: Thomas Guillem <thomas at gllm.fr>
> http://git.videolan.org/gitweb.cgi/vlc.git/?a=commit;h=7033852e1a8292734e1d5800bec864bb5fb24c30
---
 modules/demux/stl.c | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/modules/demux/stl.c b/modules/demux/stl.c
index 9a0d5a131e..524f265e82 100644
--- a/modules/demux/stl.c
+++ b/modules/demux/stl.c
@@ -242,6 +242,8 @@ static int Open(vlc_object_t *object)
     const int cct = ParseInteger(&header[12], 2);
     const mtime_t program_start = ParseTextTimeCode(&header[256], fps);
     const size_t tti_count = ParseInteger(&header[238], 5);
+    if (!tti_count)
+        return VLC_EGENERIC;
     msg_Dbg(demux, "Detected EBU STL : CCT=%d TTI=%zu start=%8.8s %"PRId64, cct, tti_count, &header[256], program_start);
 
     demux_sys_t *sys = malloc(sizeof(*sys));
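
Review bot: the new `if (!tti_count) return VLC_EGENERIC;` sits above the `msg_Dbg` call, so a file rejected for a zero TTI count fails silently and the "Detected EBU STL" line that would show the parsed value is never logged. Consider emitting a short `msg_Err` or `msg_Dbg` before returning, or moving the check below the existing debug line, so a malformed header can be diagnosed from the log. The guard also carries no comment: the reason a zero count is unsafe (the zero-size calloc behaviour) is only explained in the commit message, and a one-line comment at the check would keep it from being removed later as redundant. The placement before `malloc(sizeof(*sys))` is good, since nothing from this hunk needs freeing on the early return. Note that only the zero case is covered here; `tti_count` comes straight from `ParseInteger(&header[238], 5)`, so it is worth confirming that later uses of the count are bounded by the data actually read from the file and not just by this header field.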