ffmpeg | branch: release/2.3 | Michael Niedermayer <michae...@gmx.at> | Sat Oct 4 05:14:08 2014 +0200| [5926bea980ad42a7b4a613c7d922468ba128b0e4] | committer: Michael Niedermayer
avformat/mpegts: use a padded buffer in read_sl_header() Fixes overread Fixes: asan_heap-oob_84f75d_8_asan_heap-oob_a2a00a_341_mbc.ts Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michae...@gmx.at> (cherry picked from commit 27f6da292118850ca7900de64d06b56e0ebb5070) Signed-off-by: Michael Niedermayer <michae...@gmx.at> > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=5926bea980ad42a7b4a613c7d922468ba128b0e4 --- libavformat/mpegts.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/libavformat/mpegts.c b/libavformat/mpegts.c index bf97602..b1dd8c6 100644 --- a/libavformat/mpegts.c +++ b/libavformat/mpegts.c @@ -852,8 +852,12 @@ static int read_sl_header(PESContext *pes, SLConfigDescr *sl, int padding_flag = 0, padding_bits = 0, inst_bitrate_flag = 0; int dts_flag = -1, cts_flag = -1; int64_t dts = AV_NOPTS_VALUE, cts = AV_NOPTS_VALUE; + uint8_t buf_padded[128 + FF_INPUT_BUFFER_PADDING_SIZE]; + int buf_padded_size = FFMIN(buf_size, sizeof(buf_padded) - FF_INPUT_BUFFER_PADDING_SIZE); - init_get_bits(&gb, buf, buf_size * 8); + memcpy(buf_padded, buf, buf_padded_size); + + init_get_bits(&gb, buf_padded, buf_padded_size * 8); if (sl->use_au_start) au_start_flag = get_bits1(&gb); _______________________________________________ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
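Review bot: The padding tail of buf_padded is never initialized. memcpy(buf_padded, buf, buf_padded_size) fills only the first buf_padded_size bytes of a stack array, so a bit reader that runs past the payload now stays in bounds but consumes indeterminate stack bytes rather than zeros. Zero the tail after the copy, for example memset(buf_padded + buf_padded_size, 0, FF_INPUT_BUFFER_PADDING_SIZE), or zero-initialize the array. Separately, FFMIN(buf_size, sizeof(buf_padded) - FF_INPUT_BUFFER_PADDING_SIZE) compares buf_size against a size_t; if buf_size is a signed int and can ever be negative, it is converted to unsigned, the macro selects 128, and memcpy reads 128 bytes from buf, so a buf_size check before the copy would be worth adding unless the callers already guarantee it. The 128-byte cap also truncates longer input silently and should carry a comment stating why 128 bytes is enough for the header fields parsed here.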