vlc/vlc-3.0 | branch: master | Francois Cartegnie <[email protected]> | Thu Feb 14 12:07:56 2019 +0100| [c915430f08475d423c67e2e5e61e20079d4a0cff] | committer: Hugo Beauzée-Luyssen
demux: mp4: fix potential oob deref https://hackerone.com/reports/495092 Signed-off-by: Hugo Beauzée-Luyssen <[email protected]> (cherry picked from commit 019b548a38ce0e837469c556781e9c65141a4734) Signed-off-by: Hugo Beauzée-Luyssen <[email protected]> > http://git.videolan.org/gitweb.cgi/vlc/vlc-3.0.git/?a=commit;h=c915430f08475d423c67e2e5e61e20079d4a0cff --- modules/demux/mp4/mp4.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/modules/demux/mp4/mp4.c b/modules/demux/mp4/mp4.c index b7e8fb9413..edda423bed 100644 --- a/modules/demux/mp4/mp4.c +++ b/modules/demux/mp4/mp4.c @@ -3034,7 +3034,8 @@ static int TrackTimeToSampleChunk( demux_t *p_demux, mp4_track_t *p_track, /* *** find sample in the chunk *** */ i_sample = p_track->chunk[i_chunk].i_sample_first; i_dts = p_track->chunk[i_chunk].i_first_dts; - for( i_index = 0; i_sample < p_track->chunk[i_chunk].i_sample_count; ) + for( i_index = 0; i_index < p_track->chunk[i_chunk].i_entries_dts && + i_sample < p_track->chunk[i_chunk].i_sample_count; ) { if( i_dts + p_track->chunk[i_chunk].p_sample_count_dts[i_index] * _______________________________________________ vlc-commits mailing list [email protected] https://mailman.videolan.org/listinfo/vlc-commits
