On 17/02/16 02:16, Luca Barbato wrote:
> timeStampLength, OCRLength and AU_Length have well specified upper
> boundaries.
> ---
> libavformat/mpegts.c | 5 +++++
> 1 file changed, 5 insertions(+)
>
> diff --git a/libavformat/mpegts.c b/libavformat/mpegts.c
> index 01af597..fb033c9 100644
> --- a/libavformat/mpegts.c
> +++ b/libavformat/mpegts.c
> @@ -1168,6 +1168,11 @@ static int parse_MP4SLDescrTag(MP4DescrParseContext
> *d, int64_t off, int len)
> descr->sl.degr_prior_len = lengths >> 12;
> descr->sl.au_seq_num_len = (lengths >> 7) & 0x1f;
> descr->sl.packet_seq_num_len = (lengths >> 2) & 0x1f;
> + if (descr->sl.timestamp_len >= 64 ||
> + descr->sl.ocr_len >= 64 ||
> + descr->sl.au_len >= 32) {
> + return AVERROR_INVALIDDATA;
> + }
> } else {
> avpriv_report_missing_feature(d->s, "Predefined SLConfigDescriptor");
> }
>
Ping.
_______________________________________________
libav-devel mailing list
[email protected]
https://lists.libav.org/mailman/listinfo/libav-devel
