]> git.vomp.tv Git - vompclient.git/commitdiff
projects / vompclient.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: ce2f158)
Added two buffer length checks in NALUUnit::NALUUnit - fixes a segfault
authorChris Tallon <chris@vomp.tv>
Tue, 10 May 2016 14:20:20 +0000 (14:20 +0000)
committerChris Tallon <chris@vomp.tv>
Tue, 10 May 2016 14:20:20 +0000 (14:20 +0000)
demuxer.cc [changed mode: 0644->0755] patch | blob | history

diff --git a/demuxer.cc b/demuxer.cc
old mode 100644 (file)
new mode 100755 (executable)
index 126596a..b807923
--- a/demuxer.cc
+++ b/demuxer.cc
@@ -88,6 +88,7 @@ NALUUnit::NALUUnit(const UCHAR *buf, UINT length_buf)
         pattern = ((pattern << 8) | buf[nalu_start])&0x00FFFFFF;
     }
     nalu_end=nalu_start+1;
+    if (nalu_end >= length_buf) return; // input buffer too small. corrupt data? ignore.
     pattern = ((pattern << 8) | buf[nalu_end])&0x00FFFFFF;
 
     while (pattern != 0x000001 && pattern != 0x000000)
@@ -97,6 +98,7 @@ NALUUnit::NALUUnit(const UCHAR *buf, UINT length_buf)
     }
     nalu_end-=3;
     nalu_end=min(length_buf-1,nalu_end);
+    if (nalu_end <= nalu_start) return; // input buffer too small. corrupt data? ignore.
     nalu_length=nalu_end-nalu_start;
     nalu_buf=(UCHAR*)malloc(nalu_length);
     memcpy(nalu_buf,buf+nalu_start,nalu_length);
VOMP Client - VDR on MVP