Commit 2a3f1c19 authored by Laurent Aimar's avatar Laurent Aimar

* all: fixed segfault with invalid/corrupted psi data.

parent 978d1677
/***************************************************************************** /*****************************************************************************
* dr_02.c * dr_02.c
* (c)2001-2002 VideoLAN * (c)2001-2002 VideoLAN
* $Id: dr_02.c,v 1.6 2002/10/07 14:15:14 sam Exp $ * $Id: dr_02.c,v 1.7 2003/07/25 20:20:40 fenrir Exp $
* *
* Authors: Arnaud de Bossoreille de Ribou <bozo@via.ecp.fr> * Authors: Arnaud de Bossoreille de Ribou <bozo@via.ecp.fr>
* *
...@@ -76,6 +76,8 @@ dvbpsi_vstream_dr_t * dvbpsi_DecodeVStreamDr(dvbpsi_descriptor_t * p_descriptor) ...@@ -76,6 +76,8 @@ dvbpsi_vstream_dr_t * dvbpsi_DecodeVStreamDr(dvbpsi_descriptor_t * p_descriptor)
DVBPSI_ERROR_ARG("dr_02 decoder", "bad length (%d)", DVBPSI_ERROR_ARG("dr_02 decoder", "bad length (%d)",
p_descriptor->i_length); p_descriptor->i_length);
free(p_decoded); free(p_decoded);
return NULL;
} }
p_decoded->b_multiple_frame_rate = (p_descriptor->p_data[0] & 0x80) ? 1 : 0; p_decoded->b_multiple_frame_rate = (p_descriptor->p_data[0] & 0x80) ? 1 : 0;
......
/***************************************************************************** /*****************************************************************************
* dr_03.c * dr_03.c
* (c)2001-2002 VideoLAN * (c)2001-2002 VideoLAN
* $Id: dr_03.c,v 1.3 2002/10/07 14:15:14 sam Exp $ * $Id: dr_03.c,v 1.4 2003/07/25 20:20:40 fenrir Exp $
* *
* Authors: Arnaud de Bossoreille de Ribou <bozo@via.ecp.fr> * Authors: Arnaud de Bossoreille de Ribou <bozo@via.ecp.fr>
* *
...@@ -73,6 +73,7 @@ dvbpsi_astream_dr_t * dvbpsi_DecodeAStreamDr(dvbpsi_descriptor_t * p_descriptor) ...@@ -73,6 +73,7 @@ dvbpsi_astream_dr_t * dvbpsi_DecodeAStreamDr(dvbpsi_descriptor_t * p_descriptor)
DVBPSI_ERROR_ARG("dr_03 decoder", "bad length (%d)", DVBPSI_ERROR_ARG("dr_03 decoder", "bad length (%d)",
p_descriptor->i_length); p_descriptor->i_length);
free(p_decoded); free(p_decoded);
return NULL;
} }
p_decoded->b_free_format = (p_descriptor->p_data[0] & 0x80) ? 1 : 0; p_decoded->b_free_format = (p_descriptor->p_data[0] & 0x80) ? 1 : 0;
......
/***************************************************************************** /*****************************************************************************
* dr_04.c * dr_04.c
* (c)2001-2002 VideoLAN * (c)2001-2002 VideoLAN
* $Id: dr_04.c,v 1.2 2002/10/07 14:15:14 sam Exp $ * $Id: dr_04.c,v 1.3 2003/07/25 20:20:40 fenrir Exp $
* *
* Authors: Arnaud de Bossoreille de Ribou <bozo@via.ecp.fr> * Authors: Arnaud de Bossoreille de Ribou <bozo@via.ecp.fr>
* *
...@@ -74,6 +74,7 @@ dvbpsi_hierarchy_dr_t * dvbpsi_DecodeHierarchyDr( ...@@ -74,6 +74,7 @@ dvbpsi_hierarchy_dr_t * dvbpsi_DecodeHierarchyDr(
DVBPSI_ERROR_ARG("dr_04 decoder", "bad length (%d)", DVBPSI_ERROR_ARG("dr_04 decoder", "bad length (%d)",
p_descriptor->i_length); p_descriptor->i_length);
free(p_decoded); free(p_decoded);
return NULL;
} }
p_decoded->i_h_type = p_descriptor->p_data[0] & 0x0f; p_decoded->i_h_type = p_descriptor->p_data[0] & 0x0f;
......
/***************************************************************************** /*****************************************************************************
* dr_05.c * dr_05.c
* (c)2001-2002 VideoLAN * (c)2001-2002 VideoLAN
* $Id: dr_05.c,v 1.2 2002/10/07 14:15:14 sam Exp $ * $Id: dr_05.c,v 1.3 2003/07/25 20:20:40 fenrir Exp $
* *
* Authors: Arnaud de Bossoreille de Ribou <bozo@via.ecp.fr> * Authors: Arnaud de Bossoreille de Ribou <bozo@via.ecp.fr>
* *
...@@ -75,6 +75,7 @@ dvbpsi_registration_dr_t * dvbpsi_DecodeRegistrationDr( ...@@ -75,6 +75,7 @@ dvbpsi_registration_dr_t * dvbpsi_DecodeRegistrationDr(
DVBPSI_ERROR_ARG("dr_05 decoder", "bad length (%d)", DVBPSI_ERROR_ARG("dr_05 decoder", "bad length (%d)",
p_descriptor->i_length); p_descriptor->i_length);
free(p_decoded); free(p_decoded);
return NULL;
} }
p_decoded->i_format_identifier = ((uint32_t)(p_descriptor->p_data[0]) << 24) p_decoded->i_format_identifier = ((uint32_t)(p_descriptor->p_data[0]) << 24)
......
/***************************************************************************** /*****************************************************************************
* dr_06.c * dr_06.c
* (c)2001-2002 VideoLAN * (c)2001-2002 VideoLAN
* $Id: dr_06.c,v 1.2 2002/10/07 14:15:14 sam Exp $ * $Id: dr_06.c,v 1.3 2003/07/25 20:20:40 fenrir Exp $
* *
* Authors: Arnaud de Bossoreille de Ribou <bozo@via.ecp.fr> * Authors: Arnaud de Bossoreille de Ribou <bozo@via.ecp.fr>
* *
...@@ -75,6 +75,7 @@ dvbpsi_ds_alignment_dr_t * dvbpsi_DecodeDSAlignmentDr( ...@@ -75,6 +75,7 @@ dvbpsi_ds_alignment_dr_t * dvbpsi_DecodeDSAlignmentDr(
DVBPSI_ERROR_ARG("dr_06 decoder", "bad length (%d)", DVBPSI_ERROR_ARG("dr_06 decoder", "bad length (%d)",
p_descriptor->i_length); p_descriptor->i_length);
free(p_decoded); free(p_decoded);
return NULL;
} }
p_decoded->i_alignment_type = p_descriptor->p_data[0]; p_decoded->i_alignment_type = p_descriptor->p_data[0];
......
/***************************************************************************** /*****************************************************************************
* dr_07.c * dr_07.c
* (c)2001-2002 VideoLAN * (c)2001-2002 VideoLAN
* $Id: dr_07.c,v 1.3 2002/10/07 14:15:14 sam Exp $ * $Id: dr_07.c,v 1.4 2003/07/25 20:20:40 fenrir Exp $
* *
* Authors: Arnaud de Bossoreille de Ribou <bozo@via.ecp.fr> * Authors: Arnaud de Bossoreille de Ribou <bozo@via.ecp.fr>
* *
...@@ -75,6 +75,7 @@ dvbpsi_target_bg_grid_dr_t * dvbpsi_DecodeTargetBgGridDr( ...@@ -75,6 +75,7 @@ dvbpsi_target_bg_grid_dr_t * dvbpsi_DecodeTargetBgGridDr(
DVBPSI_ERROR_ARG("dr_07 decoder", "bad length (%d)", DVBPSI_ERROR_ARG("dr_07 decoder", "bad length (%d)",
p_descriptor->i_length); p_descriptor->i_length);
free(p_decoded); free(p_decoded);
return NULL;
} }
p_decoded->i_horizontal_size = ((uint16_t)(p_descriptor->p_data[0]) << 6) p_decoded->i_horizontal_size = ((uint16_t)(p_descriptor->p_data[0]) << 6)
......
/***************************************************************************** /*****************************************************************************
* dr_08.c * dr_08.c
* (c)2001-2002 VideoLAN * (c)2001-2002 VideoLAN
* $Id: dr_08.c,v 1.3 2002/10/07 14:15:14 sam Exp $ * $Id: dr_08.c,v 1.4 2003/07/25 20:20:40 fenrir Exp $
* *
* Authors: Arnaud de Bossoreille de Ribou <bozo@via.ecp.fr> * Authors: Arnaud de Bossoreille de Ribou <bozo@via.ecp.fr>
* *
...@@ -73,6 +73,7 @@ dvbpsi_vwindow_dr_t * dvbpsi_DecodeVWindowDr(dvbpsi_descriptor_t * p_descriptor) ...@@ -73,6 +73,7 @@ dvbpsi_vwindow_dr_t * dvbpsi_DecodeVWindowDr(dvbpsi_descriptor_t * p_descriptor)
DVBPSI_ERROR_ARG("dr_08 decoder", "bad length (%d)", DVBPSI_ERROR_ARG("dr_08 decoder", "bad length (%d)",
p_descriptor->i_length); p_descriptor->i_length);
free(p_decoded); free(p_decoded);
return NULL;
} }
p_decoded->i_horizontal_offset = ((uint16_t)(p_descriptor->p_data[0]) << 6) p_decoded->i_horizontal_offset = ((uint16_t)(p_descriptor->p_data[0]) << 6)
......
/***************************************************************************** /*****************************************************************************
* dr_09.c * dr_09.c
* (c)2001-2002 VideoLAN * (c)2001-2002 VideoLAN
* $Id: dr_09.c,v 1.4 2002/10/07 14:15:14 sam Exp $ * $Id: dr_09.c,v 1.5 2003/07/25 20:20:40 fenrir Exp $
* *
* Authors: Arnaud de Bossoreille de Ribou <bozo@via.ecp.fr> * Authors: Arnaud de Bossoreille de Ribou <bozo@via.ecp.fr>
* *
...@@ -73,6 +73,7 @@ dvbpsi_ca_dr_t * dvbpsi_DecodeCADr(dvbpsi_descriptor_t * p_descriptor) ...@@ -73,6 +73,7 @@ dvbpsi_ca_dr_t * dvbpsi_DecodeCADr(dvbpsi_descriptor_t * p_descriptor)
DVBPSI_ERROR_ARG("dr_09 decoder", "bad length (%d)", DVBPSI_ERROR_ARG("dr_09 decoder", "bad length (%d)",
p_descriptor->i_length); p_descriptor->i_length);
free(p_decoded); free(p_decoded);
return NULL;
} }
p_decoded->i_ca_system_id = ((uint16_t)(p_descriptor->p_data[0]) << 8) p_decoded->i_ca_system_id = ((uint16_t)(p_descriptor->p_data[0]) << 8)
......
/***************************************************************************** /*****************************************************************************
* dr_0a.c * dr_0a.c
* (c)2001-2002 VideoLAN * (c)2001-2002 VideoLAN
* $Id: dr_0a.c,v 1.3 2002/10/07 14:15:14 sam Exp $ * $Id: dr_0a.c,v 1.4 2003/07/25 20:20:40 fenrir Exp $
* *
* Authors: Arnaud de Bossoreille de Ribou <bozo@via.ecp.fr> * Authors: Arnaud de Bossoreille de Ribou <bozo@via.ecp.fr>
* *
...@@ -73,6 +73,7 @@ dvbpsi_iso639_dr_t * dvbpsi_DecodeISO639Dr(dvbpsi_descriptor_t * p_descriptor) ...@@ -73,6 +73,7 @@ dvbpsi_iso639_dr_t * dvbpsi_DecodeISO639Dr(dvbpsi_descriptor_t * p_descriptor)
DVBPSI_ERROR_ARG("dr_0a decoder", "bad length (%d)", DVBPSI_ERROR_ARG("dr_0a decoder", "bad length (%d)",
p_descriptor->i_length); p_descriptor->i_length);
free(p_decoded); free(p_decoded);
return NULL;
} }
p_decoded->i_audio_type = p_descriptor->p_data[p_descriptor->i_length - 1]; p_decoded->i_audio_type = p_descriptor->p_data[p_descriptor->i_length - 1];
......
/***************************************************************************** /*****************************************************************************
* dr_0b.c * dr_0b.c
* (c)2001-2002 VideoLAN * (c)2001-2002 VideoLAN
* $Id: dr_0b.c,v 1.2 2002/10/07 14:15:14 sam Exp $ * $Id: dr_0b.c,v 1.3 2003/07/25 20:20:40 fenrir Exp $
* *
* Authors: Arnaud de Bossoreille de Ribou <bozo@via.ecp.fr> * Authors: Arnaud de Bossoreille de Ribou <bozo@via.ecp.fr>
* *
...@@ -75,6 +75,7 @@ dvbpsi_system_clock_dr_t * dvbpsi_DecodeSystemClockDr( ...@@ -75,6 +75,7 @@ dvbpsi_system_clock_dr_t * dvbpsi_DecodeSystemClockDr(
DVBPSI_ERROR_ARG("dr_0b decoder", "bad length (%d)", DVBPSI_ERROR_ARG("dr_0b decoder", "bad length (%d)",
p_descriptor->i_length); p_descriptor->i_length);
free(p_decoded); free(p_decoded);
return NULL;
} }
p_decoded->b_external_clock_ref = (p_descriptor->p_data[0] & 0x80) ? 1 : 0; p_decoded->b_external_clock_ref = (p_descriptor->p_data[0] & 0x80) ? 1 : 0;
......
/***************************************************************************** /*****************************************************************************
* dr_0c.c * dr_0c.c
* (c)2001-2002 VideoLAN * (c)2001-2002 VideoLAN
* $Id: dr_0c.c,v 1.2 2002/10/07 14:15:14 sam Exp $ * $Id: dr_0c.c,v 1.3 2003/07/25 20:20:40 fenrir Exp $
* *
* Authors: Arnaud de Bossoreille de Ribou <bozo@via.ecp.fr> * Authors: Arnaud de Bossoreille de Ribou <bozo@via.ecp.fr>
* *
...@@ -75,6 +75,7 @@ dvbpsi_mx_buff_utilization_dr_t * dvbpsi_DecodeMxBuffUtilizationDr( ...@@ -75,6 +75,7 @@ dvbpsi_mx_buff_utilization_dr_t * dvbpsi_DecodeMxBuffUtilizationDr(
DVBPSI_ERROR_ARG("dr_0c decoder", "bad length (%d)", DVBPSI_ERROR_ARG("dr_0c decoder", "bad length (%d)",
p_descriptor->i_length); p_descriptor->i_length);
free(p_decoded); free(p_decoded);
return NULL;
} }
p_decoded->b_mdv_valid = (p_descriptor->p_data[0] & 0x80) ? 1 : 0; p_decoded->b_mdv_valid = (p_descriptor->p_data[0] & 0x80) ? 1 : 0;
......
/***************************************************************************** /*****************************************************************************
* dr_0d.c * dr_0d.c
* (c)2001-2002 VideoLAN * (c)2001-2002 VideoLAN
* $Id: dr_0d.c,v 1.2 2002/10/07 14:15:14 sam Exp $ * $Id: dr_0d.c,v 1.3 2003/07/25 20:20:40 fenrir Exp $
* *
* Authors: Arnaud de Bossoreille de Ribou <bozo@via.ecp.fr> * Authors: Arnaud de Bossoreille de Ribou <bozo@via.ecp.fr>
* *
...@@ -75,6 +75,7 @@ dvbpsi_copyright_dr_t * dvbpsi_DecodeCopyrightDr( ...@@ -75,6 +75,7 @@ dvbpsi_copyright_dr_t * dvbpsi_DecodeCopyrightDr(
DVBPSI_ERROR_ARG("dr_0c decoder", "bad length (%d)", DVBPSI_ERROR_ARG("dr_0c decoder", "bad length (%d)",
p_descriptor->i_length); p_descriptor->i_length);
free(p_decoded); free(p_decoded);
return NULL;
} }
p_decoded->i_copyright_identifier = p_decoded->i_copyright_identifier =
......
/***************************************************************************** /*****************************************************************************
* dr_0e.c * dr_0e.c
* (c)2001-2002 VideoLAN * (c)2001-2002 VideoLAN
* $Id: dr_0e.c,v 1.2 2002/10/07 14:15:14 sam Exp $ * $Id: dr_0e.c,v 1.3 2003/07/25 20:20:40 fenrir Exp $
* *
* Authors: Arnaud de Bossoreille de Ribou <bozo@via.ecp.fr> * Authors: Arnaud de Bossoreille de Ribou <bozo@via.ecp.fr>
* *
...@@ -74,6 +74,7 @@ dvbpsi_max_bitrate_dr_t * dvbpsi_DecodeMaxBitrateDr( ...@@ -74,6 +74,7 @@ dvbpsi_max_bitrate_dr_t * dvbpsi_DecodeMaxBitrateDr(
DVBPSI_ERROR_ARG("dr_0e decoder", "bad length (%d)", DVBPSI_ERROR_ARG("dr_0e decoder", "bad length (%d)",
p_descriptor->i_length); p_descriptor->i_length);
free(p_decoded); free(p_decoded);
return NULL;
} }
p_decoded->i_max_bitrate = p_decoded->i_max_bitrate =
......
/***************************************************************************** /*****************************************************************************
* dr_0f.c * dr_0f.c
* (c)2001-2002 VideoLAN * (c)2001-2002 VideoLAN
* $Id: dr_0f.c,v 1.2 2002/10/07 14:15:14 sam Exp $ * $Id: dr_0f.c,v 1.3 2003/07/25 20:20:40 fenrir Exp $
* *
* Authors: Arnaud de Bossoreille de Ribou <bozo@via.ecp.fr> * Authors: Arnaud de Bossoreille de Ribou <bozo@via.ecp.fr>
* *
...@@ -75,6 +75,7 @@ dvbpsi_private_data_dr_t * dvbpsi_DecodePrivateDataDr( ...@@ -75,6 +75,7 @@ dvbpsi_private_data_dr_t * dvbpsi_DecodePrivateDataDr(
DVBPSI_ERROR_ARG("dr_0f decoder", "bad length (%d)", DVBPSI_ERROR_ARG("dr_0f decoder", "bad length (%d)",
p_descriptor->i_length); p_descriptor->i_length);
free(p_decoded); free(p_decoded);
return NULL;
} }
p_decoded->i_private_data = ((uint32_t)(p_descriptor->p_data[0]) << 24) p_decoded->i_private_data = ((uint32_t)(p_descriptor->p_data[0]) << 24)
......
/***************************************************************************** /*****************************************************************************
* dr_48.c * dr_48.c
* (c)2001-2002 VideoLAN * (c)2001-2002 VideoLAN
* $Id: dr_48.c,v 1.1 2002/12/11 13:14:42 jobi Exp $ * $Id: dr_48.c,v 1.2 2003/07/25 20:20:40 fenrir Exp $
* *
* Authors: Arnaud de Bossoreille de Ribou <bozo@via.ecp.fr> * Authors: Arnaud de Bossoreille de Ribou <bozo@via.ecp.fr>
* Johan Bilien <jobi@via.ecp.fr> * Johan Bilien <jobi@via.ecp.fr>
...@@ -76,6 +76,7 @@ dvbpsi_service_dr_t * dvbpsi_DecodeServiceDr( ...@@ -76,6 +76,7 @@ dvbpsi_service_dr_t * dvbpsi_DecodeServiceDr(
DVBPSI_ERROR_ARG("dr_07 decoder", "bad length (%d)", DVBPSI_ERROR_ARG("dr_07 decoder", "bad length (%d)",
p_descriptor->i_length); p_descriptor->i_length);
free(p_decoded); free(p_decoded);
return NULL;
} }
p_decoded->i_service_type = p_descriptor->p_data[0]; p_decoded->i_service_type = p_descriptor->p_data[0];
......
...@@ -2,7 +2,7 @@ ...@@ -2,7 +2,7 @@
* pmt.c: PMT decoder/generator * pmt.c: PMT decoder/generator
*---------------------------------------------------------------------------- *----------------------------------------------------------------------------
* (c)2001-2002 VideoLAN * (c)2001-2002 VideoLAN
* $Id: pmt.c,v 1.7 2002/10/10 09:27:02 sam Exp $ * $Id: pmt.c,v 1.8 2003/07/25 20:20:40 fenrir Exp $
* *
* Authors: Arnaud de Bossoreille de Ribou <bozo@via.ecp.fr> * Authors: Arnaud de Bossoreille de Ribou <bozo@via.ecp.fr>
* *
...@@ -474,7 +474,7 @@ void dvbpsi_DecodePMTSections(dvbpsi_pmt_t* p_pmt, ...@@ -474,7 +474,7 @@ void dvbpsi_DecodePMTSections(dvbpsi_pmt_t* p_pmt,
} }
/* - ESs */ /* - ESs */
for(p_byte = p_end; p_byte < p_section->p_payload_end;) for(p_byte = p_end; p_byte + 5 < p_section->p_payload_end;)
{ {
uint8_t i_type = p_byte[0]; uint8_t i_type = p_byte[0];
uint16_t i_pid = ((uint16_t)(p_byte[1] & 0x1f) << 8) | p_byte[2]; uint16_t i_pid = ((uint16_t)(p_byte[1] & 0x1f) << 8) | p_byte[2];
...@@ -483,6 +483,10 @@ void dvbpsi_DecodePMTSections(dvbpsi_pmt_t* p_pmt, ...@@ -483,6 +483,10 @@ void dvbpsi_DecodePMTSections(dvbpsi_pmt_t* p_pmt,
/* - ES descriptors */ /* - ES descriptors */
p_byte += 5; p_byte += 5;
p_end = p_byte + i_length; p_end = p_byte + i_length;
if( p_end > p_section->p_payload_end )
{
p_end = p_section->p_payload_end;
}
while(p_byte + 2 < p_end) while(p_byte + 2 < p_end)
{ {
uint8_t i_tag = p_byte[0]; uint8_t i_tag = p_byte[0];
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment