[FFmpeg-cvslog] avformat/mpegts: Fix potential pointer overflows
Michael Niedermayer
git at videolan.org
Mon Mar 16 22:59:47 CET 2015
ffmpeg | branch: master | Michael Niedermayer <michaelni at gmx.at> | Mon Mar 16 22:37:46 2015 +0100| [1b3b018aa4e43d7bf87df5cdf28c69a9ad5a6cbc] | committer: Michael Niedermayer
avformat/mpegts: Fix potential pointer overflows
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=1b3b018aa4e43d7bf87df5cdf28c69a9ad5a6cbc
---
libavformat/mpegts.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/libavformat/mpegts.c b/libavformat/mpegts.c
index 9e9ad47..a4b6d4d 100644
--- a/libavformat/mpegts.c
+++ b/libavformat/mpegts.c
@@ -596,7 +596,7 @@ static inline int get16(const uint8_t **pp, const uint8_t *p_end)
int c;
p = *pp;
- if ((p + 1) >= p_end)
+ if (1 >= p_end - p)
return AVERROR_INVALIDDATA;
c = AV_RB16(p);
p += 2;
@@ -615,7 +615,7 @@ static char *getstr8(const uint8_t **pp, const uint8_t *p_end)
len = get8(&p, p_end);
if (len < 0)
return NULL;
- if ((p + len) > p_end)
+ if (len > p_end - p)
return NULL;
str = av_malloc(len + 1);
if (!str)
@@ -2181,7 +2181,7 @@ static int handle_packet(MpegTSContext *ts, const uint8_t *packet)
if (is_start) {
/* pointer field present */
len = *p++;
- if (p + len > p_end)
+ if (len > p_end - p)
return 0;
if (len && cc_ok) {
/* write remaining section bytes */
More information about the ffmpeg-cvslog
mailing list