[vlc-devel] [PATCH] demux: stl: fix heap-buffer-overflow
Thomas Guillem
thomas at gllm.fr
Tue Jul 4 14:31:23 CEST 2017
On Tue, Jul 4, 2017, at 13:56, Shaleen Jain wrote:
> According to the spec calloc can return a NULL or a unique pointer
> value if either of the arguments are 0 depending on the implementation.
> Add a guard to prevent allocation by returning an error in the above
> case.
> ---
> modules/demux/stl.c | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/modules/demux/stl.c b/modules/demux/stl.c
> index 9a0d5a131e..9d27a79458 100644
> --- a/modules/demux/stl.c
> +++ b/modules/demux/stl.c
> @@ -243,6 +243,8 @@ static int Open(vlc_object_t *object)
> const mtime_t program_start = ParseTextTimeCode(&header[256], fps);
> const size_t tti_count = ParseInteger(&header[238], 5);
> msg_Dbg(demux, "Detected EBU STL : CCT=%d TTI=%zu start=%8.8s
> %"PRId64, cct, tti_count, &header[256], program_start);
> + if(!tti_count)
> + return VLC_EGENERIC;
Seems good to me, but I would have put the tti_count check before the
msg_Dbg log.
>
> demux_sys_t *sys = malloc(sizeof(*sys));
> if(!sys)
> --
> 2.13.2
>
> _______________________________________________
> vlc-devel mailing list
> To unsubscribe or modify your subscription options:
> https://mailman.videolan.org/listinfo/vlc-devel
More information about the vlc-devel
mailing list