[vlc-devel] commit: H264 packetizer : NEVER TRUST INPUT !! ( Rafaël Carré )

git version control git at videolan.org
Mon Mar 31 15:03:07 CEST 2008


vlc | branch: 0.8.6-bugfix | Rafaël Carré <funman at videolan.org> | Fri Mar 28 16:51:16 2008 +0100| [ba61d7b966292f44382b9fe3449c7d2ce2d46566]

H264 packetizer : NEVER TRUST INPUT !!

Do not allocate ridiculous amounts of data.

Signed-off-by: Jean-Paul Saman <jpsaman at videolan.org>
(cherry picked from commit ab4e8a39d0b2d9c2998d7ab248b83463fd67f2a1)

> http://git.videolan.org/gitweb.cgi/vlc.git/?a=commit;h=ba61d7b966292f44382b9fe3449c7d2ce2d46566
---

 modules/packetizer/h264.c |    9 +++++++--
 1 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/modules/packetizer/h264.c b/modules/packetizer/h264.c
index 76bc858..cd8d95a 100644
--- a/modules/packetizer/h264.c
+++ b/modules/packetizer/h264.c
@@ -443,10 +443,14 @@ static block_t *PacketizeAVC1( decoder_t *p_dec, block_t **pp_block )
             i_size = (i_size << 8) | (*p++);
         }
 
-        if( i_size > 0 )
+        if( i_size > 0 && i_size < p_block->i_buffer )
         {
             block_t *p_part = nal_get_annexeb( p_dec, p, i_size );
-
+            if( !p_part )
+            {
+                block_Release( p_block );
+                return NULL;
+            }
             p_part->i_dts = p_block->i_dts;
             p_part->i_pts = p_block->i_pts;
 
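Review bot: the new bound in `if( i_size > 0 && i_size < p_block->i_buffer )` compares the NAL length against the size of the whole block, but `p` has already been advanced by the `*p++` reads of the length field, so a length just under `i_buffer` still reaches past the end of the buffer when it is passed to `nal_get_annexeb( p_dec, p, i_size )` as the size of the data at `p`. Bound it by the bytes actually remaining after `p` instead, for example `i_size <= p_block->p_buffer + p_block->i_buffer - p`, which also accepts a unit that exactly fills the rest of the block. The hunk does not show what happens to a length that fails the check; a short comment (or a warning message) on that path would make the intended handling of a malformed length clear.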
@@ -468,6 +472,7 @@ static block_t *nal_get_annexeb( decoder_t *p_dec, uint8_t *p, int i_size )
     block_t *p_nal;
 
     p_nal = block_New( p_dec, 4 + i_size );
+    if( !p_nal ) return NULL;
 
     /* Add start code */
     p_nal->p_buffer[0] = 0x00;
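Review bot: `block_New( p_dec, 4 + i_size )` still takes an `int i_size` that this function never validates, so the NULL check added after it only covers allocation failure and the function depends on every caller having bounded the length first. Consider rejecting `i_size <= 0` here as well, or at least documenting above the function that the caller must have checked `i_size` against the input and that the return value can now be NULL. As a style point, `if( !p_nal ) return NULL;` could use the same braced, multi-line form as the new check in `PacketizeAVC1`.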



