timeStampLength, OCRLength and AU_Length have well specified upper
boundaries.
---
libavformat/mpegts.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/libavformat/mpegts.c b/libavformat/mpegts.c
index 01af597..fb033c9 100644
--- a/libavformat/mpegts.c
+++ b/libavformat/mpegts.c
@@ -1168,6 +1168,11 @@ static int parse_MP4SLDescrTag(MP4DescrParseContext *d,
int64_t off, int len)
descr->sl.degr_prior_len = lengths >> 12;
descr->sl.au_seq_num_len = (lengths >> 7) & 0x1f;
descr->sl.packet_seq_num_len = (lengths >> 2) & 0x1f;
+ if (descr->sl.timestamp_len >= 64 ||
+ descr->sl.ocr_len >= 64 ||
+ descr->sl.au_len >= 32) {
+ return AVERROR_INVALIDDATA;
+ }
} else {
avpriv_report_missing_feature(d->s, "Predefined SLConfigDescriptor");
}
--
2.6.1
_______________________________________________
libav-devel mailing list
[email protected]
https://lists.libav.org/mailman/listinfo/libav-devel
