Mercurial > mplayer.hg

changeset 31603:2b455d7357cc

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Check packet size before memmove to avoid crashes e.g. if we recognized the wrong type and subtracted more header bytes than there are overall bytes.
author reimar
date Sat, 10 Jul 2010 16:43:00 +0000
parents 31eb98126392
children a513b4166abd
files libmpdemux/demux_ts.c
diffstat 1 files changed, 4 insertions(+), 0 deletions(-) [+]
line wrap: on
line diff
--- a/libmpdemux/demux_ts.c	Sat Jul 10 16:30:59 2010 +0000
+++ b/libmpdemux/demux_ts.c	Sat Jul 10 16:43:00 2010 +0000
@@ -3152,6 +3152,10 @@
 
 				demuxer->filepos = stream_tell(demuxer->stream) - es->size;
 
+				if(es->size < 0 || es->size > buf_size) {
+					mp_msg(MSGT_DEMUX, MSGL_ERR, "Broken ES packet size\n");
+					es->size = 0;
+				}
 				memmove(p, es->start, es->size);
 				*dp_offset += es->size;
 				(*dp)->flags = 0;