On Fri, 15 Nov 2024, Scott Theisen wrote:
originally from:
https://github.com/MythTV/mythtv/commit/a1d4d112c3f962a85ddd6248592421171fc8331c
referencing:
https://code.mythtv.org/trac/ticket/1887
ISO/IEC 13818-1:2021 specifies a valid range of [0x0010, 0x1FFE] in
§ 2.4.4.6 Semantic definition of fields in program association section
and Table 2-3 – PID table
---
libavformat/mpegts.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/libavformat/mpegts.c b/libavformat/mpegts.c
index 78ab7f7efe..6d5dc3050b 100644
--- a/libavformat/mpegts.c
+++ b/libavformat/mpegts.c
@@ -2580,6 +2580,12 @@ static void pat_cb(MpegTSFilter *filter, const uint8_t
*section, int section_len
break;
av_log(ts->stream, AV_LOG_TRACE, "sid=0x%x pid=0x%x\n", sid, pmt_pid);
+ if (pmt_pid <= 0x000F || pmt_pid >= 0x1FFF)
+ {
+ av_log(ts->stream, AV_LOG_ERROR, "Invalid PAT ignored "
+ "MPEG Program Number=0x%x pid=0x%x\n", sid, pmt_pid);
+ return;
+ }
Strictly speaking this is no longer needed, because the crash which is
fixed by this is already fixed by the check above:
if (pmt_pid == ts->current_pid)
break;
Nevertheless, I am not against a more restrictive check for pids, so
maybe extending the current check with this:
if (pmt_pid == ts->current_pid || pmt_pid <= 0x000F || pmt_pid >= 0x1FFF)
would be better. If you want to report an error however, maybe you should
use av_log_once() to not spam the user about the same issue for every
PAT packet?
Also you might consider using continue instead of return, after all there
is a specific entry in the PAT which is bogus, maybe we should simply
ignore only that entry.
Thanks,
Marton
if (sid == 0x0000) {
/* NIT info */
--
2.43.0
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
To unsubscribe, visit link above, or email
ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
To unsubscribe, visit link above, or email
ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".