Fix potential static array overflow (CID 40 and 192)

471fa3a8 · Derk-Jan Hartman · 6357ef21 · 471fa3a8 · 471fa3a8
Commit 471fa3a8 authored Oct 10, 2008 by Derk-Jan Hartman
Hide whitespace changes
Inline Side-by-side

Showing with 4 additions and 4 deletions

modules/demux/ps.h modules/demux/ps.h +2 -2

modules/demux/ts.c modules/demux/ts.c +2 -2

No files found.
--- a/modules/demux/ps.h
+++ b/modules/demux/ps.h
@@ -344,10 +344,10 @@ static inline int ps_pkt_parse_system( block_t *p_pkt, ps_psm_t *p_psm,
 /* Parse a PES (and skip i_skip_extra in the payload) */
 static inline int ps_pkt_parse_pes( block_t *p_pes, int i_skip_extra )
 {
-    uint8_t header[30];
+    uint8_t header[34];
    unsigned int i_skip  = 0;
-    memcpy( header, p_pes->p_buffer, __MIN( p_pes->i_buffer, 30 ) );
+    memcpy( header, p_pes->p_buffer, __MIN( p_pes->i_buffer, 34 ) );
    switch( header[3] )
    {

--- a/modules/demux/ts.c
+++ b/modules/demux/ts.c
@@ -1664,7 +1664,7 @@ static void PIDClean( es_out_t *out, ts_pid_t *pid )
 static void ParsePES( demux_t *p_demux, ts_pid_t *pid )
 {
    block_t *p_pes = pid->es->p_pes;
-    uint8_t header[30];
+    uint8_t header[34];
    int     i_pes_size = 0;
    int     i_skip = 0;
    mtime_t i_dts = -1;
@@ -1679,7 +1679,7 @@ static void ParsePES( demux_t *p_demux, ts_pid_t *pid )
    pid->es->pp_last = &pid->es->p_pes;
    /* FIXME find real max size */
-    i_max = block_ChainExtract( p_pes, header, 30 );
+    i_max = block_ChainExtract( p_pes, header, 34 );
    if( header[0] != 0 || header[1] != 0 || header[2] != 1 )