[FFmpeg-cvslog] avformat/mpegts: use a padded buffer in read_sl_header()

Michael Niedermayer git at videolan.org
Sun Oct 5 00:32:29 CEST 2014


ffmpeg | branch: release/2.4 | Michael Niedermayer <michaelni at gmx.at> | Sat Oct  4 05:14:08 2014 +0200| [32e8922faf2e86d6db1900eb6ab9a0ad0c1542d7] | committer: Michael Niedermayer

avformat/mpegts: use a padded buffer in read_sl_header()

Fixes overread
Fixes: asan_heap-oob_84f75d_8_asan_heap-oob_a2a00a_341_mbc.ts

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
(cherry picked from commit 27f6da292118850ca7900de64d06b56e0ebb5070)

Signed-off-by: Michael Niedermayer <michaelni at gmx.at>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=32e8922faf2e86d6db1900eb6ab9a0ad0c1542d7
---

 libavformat/mpegts.c |    6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/libavformat/mpegts.c b/libavformat/mpegts.c
index a6b966b..8808269 100644
--- a/libavformat/mpegts.c
+++ b/libavformat/mpegts.c
@@ -858,8 +858,12 @@ static int read_sl_header(PESContext *pes, SLConfigDescr *sl,
     int padding_flag = 0, padding_bits = 0, inst_bitrate_flag = 0;
     int dts_flag = -1, cts_flag = -1;
     int64_t dts = AV_NOPTS_VALUE, cts = AV_NOPTS_VALUE;
+    uint8_t buf_padded[128 + FF_INPUT_BUFFER_PADDING_SIZE];
+    int buf_padded_size = FFMIN(buf_size, sizeof(buf_padded) - FF_INPUT_BUFFER_PADDING_SIZE);
 
-    init_get_bits(&gb, buf, buf_size * 8);
+    memcpy(buf_padded, buf, buf_padded_size);
+
+    init_get_bits(&gb, buf_padded, buf_padded_size * 8);
 
     if (sl->use_au_start)
         au_start_flag = get_bits1(&gb);
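
Review bot: buf_padded is declared without an initializer and the memcpy() fills only the first buf_padded_size bytes, so the FF_INPUT_BUFFER_PADDING_SIZE bytes that follow the copied data still hold whatever was on the stack when init_get_bits() receives the buffer. The padding only makes an over-read deterministic if it is zeroed; add memset(buf_padded + buf_padded_size, 0, FF_INPUT_BUFFER_PADDING_SIZE); after the copy, or declare the array with = {0}. Two smaller points on the buf_padded_size line: the 128-byte bound silently truncates a larger buf_size and has no comment saying why 128 is enough for an SL header, and FFMIN compares the int buf_size against a size_t expression, so if buf_size can be negative here it is converted to unsigned and the memcpy() length becomes 128. A comment on the bound and an explicit check of buf_size before the copy would cover both.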


