Commit ef466bbd authored by Jean-Baptiste Kempf's avatar Jean-Baptiste Kempf

Mp4: fix stsz parsing

Do not malloc 900Mb, for example...

Close #5689
parent ffdde605
...@@ -1705,28 +1705,27 @@ static int MP4_ReadBox_stsd( stream_t *p_stream, MP4_Box_t *p_box ) ...@@ -1705,28 +1705,27 @@ static int MP4_ReadBox_stsd( stream_t *p_stream, MP4_Box_t *p_box )
static int MP4_ReadBox_stsz( stream_t *p_stream, MP4_Box_t *p_box ) static int MP4_ReadBox_stsz( stream_t *p_stream, MP4_Box_t *p_box )
{ {
unsigned int i;
MP4_READBOX_ENTER( MP4_Box_data_stsz_t ); MP4_READBOX_ENTER( MP4_Box_data_stsz_t );
MP4_GETVERSIONFLAGS( p_box->data.p_stsz ); MP4_GETVERSIONFLAGS( p_box->data.p_stsz );
MP4_GET4BYTES( p_box->data.p_stsz->i_sample_size ); MP4_GET4BYTES( p_box->data.p_stsz->i_sample_size );
MP4_GET4BYTES( p_box->data.p_stsz->i_sample_count ); MP4_GET4BYTES( p_box->data.p_stsz->i_sample_count );
if( p_box->data.p_stsz->i_sample_size == 0 )
{
p_box->data.p_stsz->i_entry_size = p_box->data.p_stsz->i_entry_size =
calloc( p_box->data.p_stsz->i_sample_count, sizeof(uint32_t) ); calloc( p_box->data.p_stsz->i_sample_count, sizeof(uint32_t) );
if( p_box->data.p_stsz->i_entry_size == NULL ) if( unlikely( !p_box->data.p_stsz->i_entry_size ) )
MP4_READBOX_EXIT( 0 ); MP4_READBOX_EXIT( 0 );
if( !p_box->data.p_stsz->i_sample_size ) for( unsigned int i = 0; (i<p_box->data.p_stsz->i_sample_count)&&(i_read >= 4 ); i++ )
{
for( i=0; (i<p_box->data.p_stsz->i_sample_count)&&(i_read >= 4 ); i++ )
{ {
MP4_GET4BYTES( p_box->data.p_stsz->i_entry_size[i] ); MP4_GET4BYTES( p_box->data.p_stsz->i_entry_size[i] );
} }
} }
else
p_box->data.p_stsz->i_entry_size = NULL;
#ifdef MP4_VERBOSE #ifdef MP4_VERBOSE
msg_Dbg( p_stream, "read box: \"stsz\" sample-size %d sample-count %d", msg_Dbg( p_stream, "read box: \"stsz\" sample-size %d sample-count %d",
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment