[vlc-commits] [Git][videolan/vlc][master] 3 commits: demux: ts: check block skip size

Steve Lhomme (@robUx4) gitlab at videolan.org
Sat Apr 11 13:34:35 UTC 2026 


Steve Lhomme pushed to branch master at VideoLAN / VLC


Commits:
93e847d1 by Steve Lhomme at 2026-04-11T13:20:21+00:00
demux: ts: check block skip size

The result of PKTHeaderAndAFSize() is not checked against the available data.
There's a cap at 187 bytes but the block may contain less data (EOF).
We can't properly subtract i_skip from p_pkt->i_buffer.

If there is too much data to skip the pcr won't be updated.

- - - - -
417a06ca by Steve Lhomme at 2026-04-11T13:20:21+00:00
demux: ts: check block has enough data before checking payload flags

- - - - -
86900498 by Steve Lhomme at 2026-04-11T13:20:21+00:00
demux: ts: check block skip size

The result of PKTHeaderAndAFSize() is not checked against the available data.
If there is too much data to skip we just return like other error checks;

- - - - -


2 changed files:

- modules/demux/mpeg/ts.c
- modules/demux/mpeg/ts_hotfixes.c


Changes:

=====================================
modules/demux/mpeg/ts.c
=====================================
@@ -2022,7 +2022,7 @@ static int SeekToTime( demux_t *p_demux, const ts_pmt_t *p_pmt, vlc_tick_t i_see
                     i_pktpcr = GetPCR( p_pkt );
 
                 unsigned i_skip = PKTHeaderAndAFSize( p_pkt );
-                if( i_pktpcr == TS_90KHZ_INVALID && p_pid->type == TYPE_STREAM &&
+                if( p_pkt->i_buffer > 4 && p_pkt->i_buffer > i_skip && i_pktpcr == TS_90KHZ_INVALID && p_pid->type == TYPE_STREAM &&
                     ts_stream_Find_es( p_pid->u.p_stream, p_pmt ) &&
                    (p_pkt->p_buffer[1] & 0xC0) == 0x40 && /* Payload start but not corrupt */
                    (p_pkt->p_buffer[3] & 0xD0) == 0x10    /* Has payload but is not encrypted */
@@ -2112,6 +2112,8 @@ static int ProbeChunk( demux_t *p_demux, int i_program, bool b_end, bool *pb_fou
             {
                 b_pcrresult = false;
                 unsigned i_skip = PKTHeaderAndAFSize( p_pkt );
+                if (p_pkt->i_buffer > i_skip)
+                {
                 ts_pes_header_t pesh;
                 ts_pes_header_init( &pesh );
                 if ( VLC_SUCCESS == ParsePESHeader( NULL, &p_pkt->p_buffer[i_skip],
@@ -2122,6 +2124,7 @@ static int ProbeChunk( demux_t *p_demux, int i_program, bool b_end, bool *pb_fou
                     else if( pesh.i_pts != TS_90KHZ_INVALID )
                         i_pcr = pesh.i_pts;
                 }
+                }
             }
 
             if( i_pcr != TS_90KHZ_INVALID )


=====================================
modules/demux/mpeg/ts_hotfixes.c
=====================================
@@ -53,6 +53,8 @@ void ProbePES( demux_t *p_demux, ts_pid_t *pid, const block_t *p_pkt )
     demux_sys_t *p_sys = p_demux->p_sys;
 
     unsigned i_skip = PKTHeaderAndAFSize( p_pkt );
+    if ( p_pkt->i_buffer < i_skip )
+        return;
     ts_90khz_t pktpcr = GetPCR( p_pkt );
 
     if( pktpcr != TS_90KHZ_INVALID )



View it on GitLab: https://code.videolan.org/videolan/vlc/-/compare/5c5354618ebb40347d75863097ce3bb4be36eec3...86900498d869eb663cacad815c6522c3eb1ada11

-- 
View it on GitLab: https://code.videolan.org/videolan/vlc/-/compare/5c5354618ebb40347d75863097ce3bb4be36eec3...86900498d869eb663cacad815c6522c3eb1ada11
You're receiving this email because of your account on code.videolan.org.

More information about the vlc-commits mailing list