[vlc-devel] commit: H264 packetizer : NEVER TRUST INPUT !! ( Rafaël Carré )
git version control
git at videolan.org
Mon Mar 31 15:03:07 CEST 2008
vlc | branch: 0.8.6-bugfix | Rafaël Carré <funman at videolan.org> | Fri Mar 28 16:51:16 2008 +0100| [ba61d7b966292f44382b9fe3449c7d2ce2d46566]
H264 packetizer : NEVER TRUST INPUT !!
Do not allocate ridiculous amount of datas.
Signed-off-by: Jean-Paul Saman <jpsaman at videolan.org>
(cherry picked from commit ab4e8a39d0b2d9c2998d7ab248b83463fd67f2a1)
> http://git.videolan.org/gitweb.cgi/vlc.git/?a=commit;h=ba61d7b966292f44382b9fe3449c7d2ce2d46566
---
modules/packetizer/h264.c | 9 +++++++--
1 files changed, 7 insertions(+), 2 deletions(-)
diff --git a/modules/packetizer/h264.c b/modules/packetizer/h264.c
index 76bc858..cd8d95a 100644
--- a/modules/packetizer/h264.c
+++ b/modules/packetizer/h264.c
@@ -443,10 +443,14 @@ static block_t *PacketizeAVC1( decoder_t *p_dec, block_t **pp_block )
i_size = (i_size << 8) | (*p++);
}
- if( i_size > 0 )
+ if( i_size > 0 && i_size < p_block->i_buffer )
{
block_t *p_part = nal_get_annexeb( p_dec, p, i_size );
-
+ if( !p_part )
+ {
+ block_Release( p_block );
+ return NULL;
+ }
p_part->i_dts = p_block->i_dts;
p_part->i_pts = p_block->i_pts;
@@ -468,6 +472,7 @@ static block_t *nal_get_annexeb( decoder_t *p_dec, uint8_t *p, int i_size )
block_t *p_nal;
p_nal = block_New( p_dec, 4 + i_size );
+ if( !p_nal ) return NULL;
/* Add start code */
p_nal->p_buffer[0] = 0x00;
More information about the vlc-devel
mailing list