From 164d79d15851689bf5e5be2fa50a6a6a6dbe1085 Mon Sep 17 00:00:00 2001
From: Chris Tallon
Date: Tue, 10 May 2016 14:20:20 +0000
Subject: [PATCH] Added two buffer length checks in NALUUnit::NALUUnit - fixes a segfault
---
 demuxer.cc | 2 ++
 1 file changed, 2 insertions(+)
 mode change 100644 => 100755 demuxer.cc
diff --git a/demuxer.cc b/demuxer.cc
old mode 100644
new mode 100755
index 126596a..b807923
--- a/demuxer.cc
+++ b/demuxer.cc
@@ -88,6 +88,7 @@ NALUUnit::NALUUnit(const UCHAR *buf, UINT length_buf)
 pattern = ((pattern << 8) | buf[nalu_start])&0x00FFFFFF;
 }
 nalu_end=nalu_start+1;
+ if (nalu_end >= length_buf) return; // input buffer too small. corrupt data? ignore.
 pattern = ((pattern << 8) | buf[nalu_end])&0x00FFFFFF;
 while (pattern != 0x000001 && pattern != 0x000000)
@@ -97,6 +98,7 @@ NALUUnit::NALUUnit(const UCHAR *buf, UINT length_buf)
 }
 nalu_end-=3;
 nalu_end=min(length_buf-1,nalu_end);
+ if (nalu_end <= nalu_start) return; // input buffer too small. corrupt data? ignore.
 nalu_length=nalu_end-nalu_start;
 nalu_buf=(UCHAR*)malloc(nalu_length);
 memcpy(nalu_buf,buf+nalu_start,nalu_length);
--
2.39.2
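Review bot: The new `if (nalu_end >= length_buf) return;` leaves a constructor early, so the caller still receives a NALUUnit object and gets no signal that parsing was abandoned on truncated input. Whether `nalu_buf` and `nalu_length` already hold safe defaults at this point is not visible here, because the constructor starts above the hunk; if they do not, later reads of the object would use indeterminate values. The comment should state the resulting object state rather than "ignore", for example `// truncated input: no byte after the start code; unit stays empty (nalu_buf unset), callers must check before use`. The same applies to the second early return added in the `-97,6 +98,7` hunk.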
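Review bot: The result of `malloc(nalu_length)` goes straight into `memcpy` two lines after the new guard, so an allocation failure on an input-controlled length is still a null-pointer write; add `if (!nalu_buf) { nalu_length=0; return; }` before the copy. Separately, `nalu_end-=3` runs before the new check and, if UINT is an unsigned type (its typedef is outside the hunk) and nalu_end can be below 3 here, the subtraction wraps and the `min()` clamp silently turns it into `length_buf-1` instead of rejecting the input. Checking `nalu_end < nalu_start + 3` before the subtraction would make the guard independent of wrap-around. The constructor body continues outside the hunk on both sides.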