vlc | branch: master | Shaleen Jain <[email protected]> | Tue Jul 4 18:36:54 2017 +0530| [7033852e1a8292734e1d5800bec864bb5fb24c30] | committer: Thomas Guillem
demux: stl: fix heap-buffer-overflow According to the spec, calloc can return a NULL or a unique pointer value if either of the arguments are 0 depending on the implementation. Add a guard to prevent allocation by returning an error in the above case. Signed-off-by: Thomas Guillem <[email protected]> > http://git.videolan.org/gitweb.cgi/vlc.git/?a=commit;h=7033852e1a8292734e1d5800bec864bb5fb24c30 --- modules/demux/stl.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/modules/demux/stl.c b/modules/demux/stl.c index 9a0d5a131e..524f265e82 100644 --- a/modules/demux/stl.c +++ b/modules/demux/stl.c @@ -242,6 +242,8 @@ static int Open(vlc_object_t *object) const int cct = ParseInteger(&header[12], 2); const mtime_t program_start = ParseTextTimeCode(&header[256], fps); const size_t tti_count = ParseInteger(&header[238], 5); + if (!tti_count) + return VLC_EGENERIC; msg_Dbg(demux, "Detected EBU STL : CCT=%d TTI=%zu start=%8.8s %"PRId64, cct, tti_count, &header[256], program_start); demux_sys_t *sys = malloc(sizeof(*sys)); _______________________________________________ vlc-commits mailing list [email protected] https://mailman.videolan.org/listinfo/vlc-commits
