Commit f928f7db authored by Rafaël Carré

Really fix H264 packetizing: abort PacketizeAVC1() if computed size is too huge

(cherry picked from commit 96fca586)
parent ba61d7b9
......@@ -443,14 +443,16 @@ static block_t *PacketizeAVC1( decoder_t *p_dec, block_t **pp_block )
i_size = (i_size << 8) | (*p++);
}
if( i_size > 0 && i_size < p_block->i_buffer )
if( i_size <= 0 ||
i_size >= ( p - p_block->p_buffer + p_block->i_buffer ) )
{
msg_Err( p_dec, "Broken frame : size %d is too big", i_size );
break;
}
block_t *p_part = nal_get_annexeb( p_dec, p, i_size );
if( !p_part )
{
block_Release( p_block );
return NULL;
}
break;
p_part->i_dts = p_block->i_dts;
p_part->i_pts = p_block->i_pts;
......@@ -459,7 +461,6 @@ static block_t *PacketizeAVC1( decoder_t *p_dec, block_t **pp_block )
{
block_ChainAppend( &p_ret, p_pic );
}
}
p += i_size;
}
block_Release( p_block );
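Review bot: The bound in the new size check, `i_size >= ( p - p_block->p_buffer + p_block->i_buffer )`, adds the already-consumed offset to the buffer length instead of subtracting it. That makes it looser than the old `i_size < p_block->i_buffer` test, so a length field larger than the bytes left after `p` still reaches `nal_get_annexeb( p_dec, p, i_size )`. The remaining byte count is `p_block->p_buffer + p_block->i_buffer - p`, so the condition should read `i_size <= 0 || i_size > ( p_block->p_buffer + p_block->i_buffer - p )`. `i_size` appears to be a signed int (it is printed with `%d`) compared against an expression involving `i_buffer`, so it is worth making the comparison type explicit, and checking that the length-prefix bytes themselves are inside the buffer before the `*p++` loop. The page has lost its +/- markers and the body of PacketizeAVC1() starts and ends outside these hunks, so this assumes the two-line condition is the new side.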
......