vlc | branch: master | Francois Cartegnie <[email protected]> | Thu Feb 14 12:07:56 2019 +0100| [019b548a38ce0e837469c556781e9c65141a4734] | committer: Hugo Beauzée-Luyssen
demux: mp4: fix potential oob deref https://hackerone.com/reports/495092 Signed-off-by: Hugo Beauzée-Luyssen <[email protected]> > http://git.videolan.org/gitweb.cgi/vlc.git/?a=commit;h=019b548a38ce0e837469c556781e9c65141a4734 --- modules/demux/mp4/mp4.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/modules/demux/mp4/mp4.c b/modules/demux/mp4/mp4.c index 8a6fbdbc3b..540aa836c2 100644 --- a/modules/demux/mp4/mp4.c +++ b/modules/demux/mp4/mp4.c @@ -3176,7 +3176,8 @@ static int TrackTimeToSampleChunk( demux_t *p_demux, mp4_track_t *p_track, /* *** find sample in the chunk *** */ i_sample = p_track->chunk[i_chunk].i_sample_first; i_dts = p_track->chunk[i_chunk].i_first_dts; - for( i_index = 0; i_sample < p_track->chunk[i_chunk].i_sample_count; ) + for( i_index = 0; i_index < p_track->chunk[i_chunk].i_entries_dts && + i_sample < p_track->chunk[i_chunk].i_sample_count; ) { if( i_dts + p_track->chunk[i_chunk].p_sample_count_dts[i_index] * _______________________________________________ vlc-commits mailing list [email protected] https://mailman.videolan.org/listinfo/vlc-commits
