diff options
| author | Luca Barbato <lu_zero@gentoo.org> | 2016-02-17 02:16:42 +0100 |
|---|---|---|
| committer | Luca Barbato <lu_zero@gentoo.org> | 2016-05-03 14:21:45 +0900 |
| commit | 74d98d1b0e0e7af444c933ea3c472494de3ce6f2 (patch) | |
| tree | 09fa87b6d464186ff228877cce8d62219dabb9bd | |
| parent | 1982d0cc561912d685a0c2dbe58bc19f50bae231 (diff) | |
| download | ffmpeg-74d98d1b0e0e7af444c933ea3c472494de3ce6f2.tar.gz | |
mpegts: Validate the SL Packet Header Configuration
timeStampLength, OCRLength and AU_Length have well specified upper
boundaries.
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
| -rw-r--r-- | libavformat/mpegts.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/libavformat/mpegts.c b/libavformat/mpegts.c index 4a593cbf93..740cc14d43 100644 --- a/libavformat/mpegts.c +++ b/libavformat/mpegts.c @@ -1171,6 +1171,11 @@ static int parse_MP4SLDescrTag(MP4DescrParseContext *d, int64_t off, int len) descr->sl.degr_prior_len = lengths >> 12; descr->sl.au_seq_num_len = (lengths >> 7) & 0x1f; descr->sl.packet_seq_num_len = (lengths >> 2) & 0x1f; + if (descr->sl.timestamp_len >= 64 || + descr->sl.ocr_len >= 64 || + descr->sl.au_len >= 32) { + return AVERROR_INVALIDDATA; + } } else { avpriv_report_missing_feature(d->s, "Predefined SLConfigDescriptor"); } |