ffmpeg | branch: release/0.5 | Michael Niedermayer <michae...@gmx.at> | Sat Oct 4 04:29:40 2014 +0200| [b8129b1a7ab959cf2822e43377084d884d791058] | committer: Michael Niedermayer
avformat/mpegts: Check desc_len / get8() return code Fixes out of array read Fixes: signal_sigsegv_844d59_10_signal_sigsegv_a17bb7_366_mpegts_mpeg2video_mp2_dvbsub_topfield.rec Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michae...@gmx.at> (cherry picked from commit c3d7f00ee3e09801f56f25db8b5961f25e842bd2) Signed-off-by: Michael Niedermayer <michae...@gmx.at> > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=b8129b1a7ab959cf2822e43377084d884d791058 --- libavformat/mpegts.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavformat/mpegts.c b/libavformat/mpegts.c index 33e618c..c3045d9 100644 --- a/libavformat/mpegts.c +++ b/libavformat/mpegts.c @@ -769,7 +769,7 @@ static void sdt_cb(MpegTSFilter *filter, const uint8_t *section, int section_len break; desc_len = get8(&p, desc_list_end); desc_end = p + desc_len; - if (desc_end > desc_list_end) + if (desc_len < 0 || desc_end > desc_list_end) break; #ifdef DEBUG_SI av_log(ts->stream, AV_LOG_DEBUG, "tag: 0x%02x len=%d\n", _______________________________________________ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
