vlc | branch: master | Francois Cartegnie <[email protected]> | Tue May 5 18:53:59 2015 +0200| [cadfe695b4c138aa8708dc7c8cc5ecbdad77696c] | committer: Francois Cartegnie
demux: mp4: have ReadBox check final size > http://git.videolan.org/gitweb.cgi/vlc.git/?a=commit;h=cadfe695b4c138aa8708dc7c8cc5ecbdad77696c --- modules/demux/mp4/libmp4.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/modules/demux/mp4/libmp4.c b/modules/demux/mp4/libmp4.c index 849d613..29835ee 100644 --- a/modules/demux/mp4/libmp4.c +++ b/modules/demux/mp4/libmp4.c @@ -3981,6 +3981,15 @@ static MP4_Box_t *MP4_ReadBox( stream_t *p_stream, MP4_Box_t *p_father ) free( p_box ); return NULL; } + + if( p_father && p_father->i_size > 0 && + p_father->i_pos + p_father->i_size < p_box->i_pos + p_box->i_size ) + { + msg_Dbg( p_stream, "out of bound child" ); + free( p_box ); + return NULL; + } + if( !p_box->i_size ) { msg_Dbg( p_stream, "found an empty box (null size)" ); _______________________________________________ vlc-commits mailing list [email protected] https://mailman.videolan.org/listinfo/vlc-commits
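Review bot: the added bounds test in MP4_ReadBox compares two sums, `p_father->i_pos + p_father->i_size < p_box->i_pos + p_box->i_size`, and if the child's i_size is taken unchecked from the file, a very large value can wrap the right-hand sum so that an out-of-bound child still passes. Phrasing the test as a subtraction avoids the wrap: first reject when `p_box->i_pos < p_father->i_pos`, which the current condition does not check, then reject when `p_box->i_size` is greater than `p_father->i_pos + p_father->i_size - p_box->i_pos`. Two smaller points: the check is skipped when `p_father->i_size` is 0, and a child with `i_size` 0 passes it and falls through to the "found an empty box" branch, so it is worth a comment stating whether both cases are intended. The "out of bound child" debug message would also be more useful for triage if it printed the child and parent offsets and sizes.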
