Commit f928f7db authored by Rafaël Carré's avatar Rafaël Carré

Really fix H264 packetizing: abort PacketizeAVC1() if computed size is too huge

(cherry picked from commit 96fca586)
parent ba61d7b9
...@@ -443,14 +443,16 @@ static block_t *PacketizeAVC1( decoder_t *p_dec, block_t **pp_block ) ...@@ -443,14 +443,16 @@ static block_t *PacketizeAVC1( decoder_t *p_dec, block_t **pp_block )
i_size = (i_size << 8) | (*p++); i_size = (i_size << 8) | (*p++);
} }
if( i_size > 0 && i_size < p_block->i_buffer ) if( i_size <= 0 ||
i_size >= ( p - p_block->p_buffer + p_block->i_buffer ) )
{ {
msg_Err( p_dec, "Broken frame : size %d is too big", i_size );
break;
}
block_t *p_part = nal_get_annexeb( p_dec, p, i_size ); block_t *p_part = nal_get_annexeb( p_dec, p, i_size );
if( !p_part ) if( !p_part )
{ break;
block_Release( p_block );
return NULL;
}
p_part->i_dts = p_block->i_dts; p_part->i_dts = p_block->i_dts;
p_part->i_pts = p_block->i_pts; p_part->i_pts = p_block->i_pts;
...@@ -459,7 +461,6 @@ static block_t *PacketizeAVC1( decoder_t *p_dec, block_t **pp_block ) ...@@ -459,7 +461,6 @@ static block_t *PacketizeAVC1( decoder_t *p_dec, block_t **pp_block )
{ {
block_ChainAppend( &p_ret, p_pic ); block_ChainAppend( &p_ret, p_pic );
} }
}
p += i_size; p += i_size;
} }
block_Release( p_block ); block_Release( p_block );
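Review bot: The new bound `i_size >= ( p - p_block->p_buffer + p_block->i_buffer )` adds the bytes already consumed to the buffer length instead of subtracting them, so the limit is never below `p_block->i_buffer` and grows as `p` advances. A length prefix larger than the bytes left after `p` therefore still passes and is handed to `nal_get_annexeb( p_dec, p, i_size )`, which presumably reads `i_size` bytes starting at `p` and would then run past the end of the block on a crafted or truncated stream. The comparison should be against the remainder, `i_size > ( p_block->p_buffer + p_block->i_buffer - p )`, which also accepts a NAL unit that exactly fills the rest of the buffer. The same branch logs "size %d is too big" for `i_size <= 0` as well, so the message can mislead when triaging broken input. PacketizeAVC1 starts and ends outside the visible hunks, so the declared type of `i_size` and the loop that assembles it could not be checked here.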