Commit 873bcee7 authored by Laurent Aimar's avatar Laurent Aimar

Fixed potential invalid access with too short packetized data.

parent fe82dccc
...@@ -202,7 +202,7 @@ static int Open( vlc_object_t *p_this ) ...@@ -202,7 +202,7 @@ static int Open( vlc_object_t *p_this )
packetizer_Init( &p_sys->packetizer, packetizer_Init( &p_sys->packetizer,
p_h264_startcode, sizeof(p_h264_startcode), p_h264_startcode, sizeof(p_h264_startcode),
p_h264_startcode, 1, p_h264_startcode, 1, 5,
PacketizeReset, PacketizeParse, PacketizeValidate, p_dec ); PacketizeReset, PacketizeParse, PacketizeValidate, p_dec );
p_sys->b_slice = false; p_sys->b_slice = false;
...@@ -520,7 +520,7 @@ static block_t *PacketizeParse( void *p_private, bool *pb_ts_used, block_t *p_bl ...@@ -520,7 +520,7 @@ static block_t *PacketizeParse( void *p_private, bool *pb_ts_used, block_t *p_bl
decoder_t *p_dec = p_private; decoder_t *p_dec = p_private;
/* Remove trailing 0 bytes */ /* Remove trailing 0 bytes */
while( p_block->i_buffer && p_block->p_buffer[p_block->i_buffer-1] == 0x00 ) while( p_block->i_buffer > 5 && p_block->p_buffer[p_block->i_buffer-1] == 0x00 )
p_block->i_buffer--; p_block->i_buffer--;
return ParseNALBlock( p_dec, pb_ts_used, p_block ); return ParseNALBlock( p_dec, pb_ts_used, p_block );
......
...@@ -142,7 +142,7 @@ static int Open( vlc_object_t *p_this ) ...@@ -142,7 +142,7 @@ static int Open( vlc_object_t *p_this )
/* Misc init */ /* Misc init */
packetizer_Init( &p_sys->packetizer, packetizer_Init( &p_sys->packetizer,
p_mp4v_startcode, sizeof(p_mp4v_startcode), p_mp4v_startcode, sizeof(p_mp4v_startcode),
NULL, 0, NULL, 0, 4,
PacketizeReset, PacketizeParse, PacketizeValidate, p_dec ); PacketizeReset, PacketizeParse, PacketizeValidate, p_dec );
p_sys->p_frame = NULL; p_sys->p_frame = NULL;
......
...@@ -170,7 +170,7 @@ static int Open( vlc_object_t *p_this ) ...@@ -170,7 +170,7 @@ static int Open( vlc_object_t *p_this )
/* Misc init */ /* Misc init */
packetizer_Init( &p_sys->packetizer, packetizer_Init( &p_sys->packetizer,
p_mp2v_startcode, sizeof(p_mp2v_startcode), p_mp2v_startcode, sizeof(p_mp2v_startcode),
NULL, 0, NULL, 0, 4,
PacketizeReset, PacketizeParse, PacketizeValidate, p_dec ); PacketizeReset, PacketizeParse, PacketizeValidate, p_dec );
p_sys->p_seq = NULL; p_sys->p_seq = NULL;
...@@ -305,7 +305,7 @@ static block_t *PacketizeParse( void *p_private, bool *pb_ts_used, block_t *p_bl ...@@ -305,7 +305,7 @@ static block_t *PacketizeParse( void *p_private, bool *pb_ts_used, block_t *p_bl
decoder_t *p_dec = p_private; decoder_t *p_dec = p_private;
/* Check if we have a picture start code */ /* Check if we have a picture start code */
*pb_ts_used = p_block->i_buffer >= 4 && p_block->p_buffer[3] == 0x00; *pb_ts_used = p_block->p_buffer[3] == 0x00;
return ParseMPEGBlock( p_dec, p_block ); return ParseMPEGBlock( p_dec, p_block );
} }
......
...@@ -49,6 +49,8 @@ typedef struct ...@@ -49,6 +49,8 @@ typedef struct
int i_au_prepend; int i_au_prepend;
const uint8_t *p_au_prepend; const uint8_t *p_au_prepend;
unsigned i_au_min_size;
void *p_private; void *p_private;
packetizer_reset_t pf_reset; packetizer_reset_t pf_reset;
packetizer_parse_t pf_parse; packetizer_parse_t pf_parse;
...@@ -59,6 +61,7 @@ typedef struct ...@@ -59,6 +61,7 @@ typedef struct
static inline void packetizer_Init( packetizer_t *p_pack, static inline void packetizer_Init( packetizer_t *p_pack,
const uint8_t *p_startcode, int i_startcode, const uint8_t *p_startcode, int i_startcode,
const uint8_t *p_au_prepend, int i_au_prepend, const uint8_t *p_au_prepend, int i_au_prepend,
unsigned i_au_min_size,
packetizer_reset_t pf_reset, packetizer_reset_t pf_reset,
packetizer_parse_t pf_parse, packetizer_parse_t pf_parse,
packetizer_validate_t pf_validate, packetizer_validate_t pf_validate,
...@@ -71,6 +74,7 @@ static inline void packetizer_Init( packetizer_t *p_pack, ...@@ -71,6 +74,7 @@ static inline void packetizer_Init( packetizer_t *p_pack,
p_pack->i_au_prepend = i_au_prepend; p_pack->i_au_prepend = i_au_prepend;
p_pack->p_au_prepend = p_au_prepend; p_pack->p_au_prepend = p_au_prepend;
p_pack->i_au_min_size = i_au_min_size;
p_pack->i_startcode = i_startcode; p_pack->i_startcode = i_startcode;
p_pack->p_startcode = p_startcode; p_pack->p_startcode = p_startcode;
...@@ -167,11 +171,19 @@ static inline block_t *packetizer_Packetize( packetizer_t *p_pack, block_t **pp_ ...@@ -167,11 +171,19 @@ static inline block_t *packetizer_Packetize( packetizer_t *p_pack, block_t **pp_
p_pack->i_offset = 0; p_pack->i_offset = 0;
/* Parse the NAL */ /* Parse the NAL */
p_pic = p_pack->pf_parse( p_pack->p_private, &b_used_ts, p_pic ); if( p_pic->i_buffer < p_pack->i_au_min_size )
if( b_used_ts ) {
block_Release( p_pic );
p_pic = NULL;
}
else
{ {
p_block_bytestream->i_dts = VLC_TS_INVALID; p_pic = p_pack->pf_parse( p_pack->p_private, &b_used_ts, p_pic );
p_block_bytestream->i_pts = VLC_TS_INVALID; if( b_used_ts )
{
p_block_bytestream->i_dts = VLC_TS_INVALID;
p_block_bytestream->i_pts = VLC_TS_INVALID;
}
} }
if( !p_pic ) if( !p_pic )
......
...@@ -143,7 +143,7 @@ static int Open( vlc_object_t *p_this ) ...@@ -143,7 +143,7 @@ static int Open( vlc_object_t *p_this )
packetizer_Init( &p_sys->packetizer, packetizer_Init( &p_sys->packetizer,
p_vc1_startcode, sizeof(p_vc1_startcode), p_vc1_startcode, sizeof(p_vc1_startcode),
NULL, 0, NULL, 0, 4,
PacketizeReset, PacketizeParse, PacketizeValidate, p_dec ); PacketizeReset, PacketizeParse, PacketizeValidate, p_dec );
p_sys->b_sequence_header = false; p_sys->b_sequence_header = false;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment