Fixed overflow problems when reading corrupt AVCC box

Thulinma 2017-07-01 12:34:54 +02:00
parent 0eefe5a477
commit f9a0ec5b78


@ -574,7 +574,12 @@ namespace MP4 {
} }
uint32_t AVCC::getSPSLen() { uint32_t AVCC::getSPSLen() {
return getInt16(6); uint16_t len = getInt16(6);
if (len > payloadSize() - 8){
WARN_MSG("SPS length of %u is more than AVCC box size %lu", len, payloadSize());
return 0;
}
return len;
} }
char * AVCC::getSPS() { char * AVCC::getSPS() {
@ -621,7 +626,16 @@ namespace MP4 {
uint32_t AVCC::getPPSLen() { uint32_t AVCC::getPPSLen() {
int offset = 8 + getSPSLen() + 1; int offset = 8 + getSPSLen() + 1;
return getInt16(offset); if (offset > payloadSize() - 2){
WARN_MSG("Invalid PPS length offset! Aborting PPS read.");
return 0;
}
uint16_t len = getInt16(offset);
if (len > payloadSize() - offset - 2){
WARN_MSG("PPS length of %u is more than AVCC box size %lu", len, payloadSize());
return 0;
}
return len;
} }
char * AVCC::getPPS() { char * AVCC::getPPS() {
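Review bot: The new guards `len > payloadSize() - 8` in `getSPSLen` and `offset > payloadSize() - 2` in `getPPSLen` subtract before comparing, so they do not reject a box whose payload is shorter than 8 (or 2) bytes if `payloadSize()` returns an unsigned type, as the `%lu` format suggests. In that case the subtraction wraps to a very large value and the corrupt length is accepted. `getInt16(6)` is also called before any size test, so a truncated box is read first and validated afterwards, unless `getInt16` bounds-checks internally, which is not visible here. I would test the size ahead of the read with `if (payloadSize() < 8){ return 0; }` and write the comparisons as additions, e.g. `if ((uint64_t)len + 8 > payloadSize())` and `if ((uint64_t)offset + 2 > payloadSize())`. The bodies of `getSPS` and `getPPS` lie outside these hunks, so whether they handle a returned length of 0 safely should be confirmed there.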