[vlc-devel] [PATCH] demux: stl: fix heap-buffer-overflow

Shaleen Jain shaleen.jain95 at gmail.com
Tue Jul 4 09:16:41 CEST 2017

According to the spec calloc can return a NULL or a unique pointer
value if either of the arguments are 0 depending on the implementation.

Add a guard to prevent member access if we get a non-null pointer in
the above case.
 modules/demux/stl.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/modules/demux/stl.c b/modules/demux/stl.c
index 9a0d5a131e..9d27a79458 100644
--- a/modules/demux/stl.c
+++ b/modules/demux/stl.c
@@ -243,6 +243,8 @@ static int Open(vlc_object_t *object)
     const mtime_t program_start = ParseTextTimeCode(&header[256], fps);
     const size_t tti_count = ParseInteger(&header[238], 5);
     msg_Dbg(demux, "Detected EBU STL : CCT=%d TTI=%zu start=%8.8s %"PRId64, cct, tti_count, &header[256], program_start);
+    if(!tti_count)
+        return VLC_EGENERIC;
     demux_sys_t *sys = malloc(sizeof(*sys));

More information about the vlc-devel mailing list