This is an automated email from the git hooks/post-receive script.

Git pushed a commit to branch release/4.4
in repository ffmpeg.

commit 1877b3159018a1da467427cd3051b4449cdd080d
Author:     Michael Niedermayer <[email protected]>
AuthorDate: Mon Jan 26 02:43:25 2026 +0100
Commit:     Michael Niedermayer <[email protected]>
CommitDate: Tue May 5 18:54:58 2026 +0200

    avformat/mpegts: Check program_info_length
    
    Fixes: overread
    No testcase
    
    Found-by: Marton Balint
    Signed-off-by: Michael Niedermayer <[email protected]>
    (cherry picked from commit 1fd718c6a9764d591e3d0b8d01511ce0d91a7f58)
    Signed-off-by: Michael Niedermayer <[email protected]>
---
 libavformat/mpegts.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/libavformat/mpegts.c b/libavformat/mpegts.c
index fa0b608e61..0758152b3a 100644
--- a/libavformat/mpegts.c
+++ b/libavformat/mpegts.c
@@ -2335,7 +2335,8 @@ static void pmt_cb(MpegTSFilter *filter, const uint8_t *section, int section_len
     av_log(ts->stream, AV_LOG_TRACE, "pcr_pid=0x%x\n", pcr_pid);
 
     program_info_length = get16(&p, p_end);
-    if (program_info_length < 0)
+
+    if (program_info_length < 0 || (program_info_length & 0xFFF) > p_end - p)
         return;
     program_info_length &= 0xfff;
     while (program_info_length >= 2) {
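Review bot: The 12-bit mask is now applied twice, as `& 0xFFF` inside the new condition and again as `&= 0xfff` on the next line, so the length that is bounds-checked and the length the descriptor loop consumes stay in sync only by hand. Masking once after the negative check, `program_info_length &= 0xfff;` followed by `if (program_info_length > p_end - p) return;`, makes them identical by construction. A short comment such as `/* program_info_length is a 12-bit field; drop the PMT if its descriptors would run past the section end */` would record why the section is rejected. The malformed section is discarded silently, so a trace-level `av_log` on this path would help when triaging truncated or hostile streams. The body of the descriptor loop lies outside the hunk, so whether each descriptor's own length is bounded cannot be confirmed from here.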
