[vlc-devel] [PATCH] demux: stl: fix heap-buffer-overflow

Rémi Denis-Courmont remi at remlab.net
Tue Jul 4 13:11:44 CEST 2017


On 4 July 2017 10:16:41 GMT+03:00, Shaleen Jain <shaleen.jain95 at gmail.com> wrote:
>According to the spec, calloc can return NULL or a unique pointer
>value if either of the arguments is 0, depending on the implementation.
>
>Add a guard to prevent member access if we get a non-null pointer in
>the above case.
>---
> modules/demux/stl.c | 2 ++
> 1 file changed, 2 insertions(+)
>
>diff --git a/modules/demux/stl.c b/modules/demux/stl.c
>index 9a0d5a131e..9d27a79458 100644
>--- a/modules/demux/stl.c
>+++ b/modules/demux/stl.c
>@@ -243,6 +243,8 @@ static int Open(vlc_object_t *object)
>    const mtime_t program_start = ParseTextTimeCode(&header[256], fps);
>     const size_t tti_count = ParseInteger(&header[238], 5);
>msg_Dbg(demux, "Detected EBU STL : CCT=%d TTI=%zu start=%8.8s %"PRId64,
>cct, tti_count, &header[256], program_start);
>+    if(!tti_count)
>+        return VLC_EGENERIC;
> 
>     demux_sys_t *sys = malloc(sizeof(*sys));
>     if(!sys)
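Review bot: the new `if(!tti_count)` check in Open() returns VLC_EGENERIC with no comment or error message saying why a zero TTI count is rejected, and the commit message justifies it only by calloc's zero-size behaviour rather than by naming the access that goes out of bounds. The calloc call and the member access it is meant to protect are not in this hunk, so a reader cannot confirm from the change that a zero `tti_count` is what leads to the overflow. Suggest a one-line comment above the check (or a msg_Err next to the existing msg_Dbg) stating that a file with no TTI blocks is refused, and naming the overflowing access in the commit message. If zero blocks is meant to be valid input, the guard belongs at that access instead of failing Open().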
>-- 
>2.13.2

I am confused by the description here. If 0 elements is a valid situation, then the error predicate is wrong, as NULL would be a conditionally valid return.
-- 
Rémi Denis-Courmont
Typed on an inconvenient virtual keyboard