vlc/vlc-2.2 | branch: master | Francois Cartegnie <[email protected]> | Tue May 5 18:53:59 2015 +0200| [d69f7fdb349e24e8cea9235815cbc56b36398686] | committer: Jean-Baptiste Kempf
demux: mp4: have ReadBox check final size (cherry picked from commit cadfe695b4c138aa8708dc7c8cc5ecbdad77696c) Signed-off-by: Jean-Baptiste Kempf <[email protected]> > http://git.videolan.org/gitweb.cgi/vlc/vlc-2.2.git/?a=commit;h=d69f7fdb349e24e8cea9235815cbc56b36398686 --- modules/demux/mp4/libmp4.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/modules/demux/mp4/libmp4.c b/modules/demux/mp4/libmp4.c index 3912e7e..331262b 100644 --- a/modules/demux/mp4/libmp4.c +++ b/modules/demux/mp4/libmp4.c @@ -3576,6 +3576,15 @@ static MP4_Box_t *MP4_ReadBox( stream_t *p_stream, MP4_Box_t *p_father ) free( p_box ); return NULL; } + + if( p_father && p_father->i_size > 0 && + p_father->i_pos + p_father->i_size < p_box->i_pos + p_box->i_size ) + { + msg_Dbg( p_stream, "out of bound child" ); + free( p_box ); + return NULL; + } + if( !p_box->i_size ) { msg_Dbg( p_stream, "found an empty box (null size)" ); _______________________________________________ vlc-commits mailing list [email protected] https://mailman.videolan.org/listinfo/vlc-commits
