[PATCH] fixed #2354
authorjeanlf <jeanlf@gpac.io>
Sat, 17 Dec 2022 11:06:16 +0000 (12:06 +0100)
committerAron Xu <aron@debian.org>
Tue, 23 May 2023 11:53:25 +0000 (12:53 +0100)
Gbp-Pq: Name CVE-2022-47659.patch

src/filters/reframe_latm.c

index 08b5ebd5a09d4ce4b00cd2ad4534a4bc6102ab29..b3cbd34d11913d2f4c78a114b6587fae1aa96769 100644 (file)
@@ -30,6 +30,8 @@
 
 #ifndef GPAC_DISABLE_AV_PARSERS
 
+#define LATM_DMX_MAX_SIZE      8192
+
 typedef struct
 {
        u64 pos;
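Review bot: `LATM_DMX_MAX_SIZE` is added without a comment, although it now plays two roles: the largest frame length the sync routine accepts, and the size of the stack buffer in `latm_dmx_process`. A one-line comment such as `/* max LATM frame payload accepted by the demuxer; also the size of latm_buffer in latm_dmx_process */` would make that coupling visible to anyone who later changes either side.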
@@ -152,7 +154,7 @@ static Bool latm_dmx_sync_frame_bs(GF_BitStream *bs, GF_M4ADecSpecInfo *acfg, u3
                        size += tmp;
                        if (tmp!=255) break;
                }
-               if (gf_bs_available(bs) < size) {
+               if ((gf_bs_available(bs) < size) || (size > LATM_DMX_MAX_SIZE)){
                        gf_bs_seek(bs, pos-3);
                        return GF_FALSE;
                }
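Review bot: The added `size > LATM_DMX_MAX_SIZE` test bounds the frame length by a file-level constant rather than by the capacity of the buffer the caller actually passed. The function therefore stays safe only while every caller allocates at least `LATM_DMX_MAX_SIZE` bytes. The call in `latm_dmx_process` passes `&latm_frame_size` preset to the array size, which suggests the size argument carries the capacity on entry. If so, also comparing against it, e.g. `|| (buffer && size > *nb_bytes)` (parameter names assumed, since the signature is cut off in the hunk header), would keep the check correct for any caller. The function body starts and ends outside this hunk, so the copy that consumes `size` is not visible here.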
@@ -482,8 +484,8 @@ GF_Err latm_dmx_process(GF_Filter *filter)
 
        while (1) {
                pos = (u32) gf_bs_get_position(ctx->bs);
-               u8 latm_buffer[4096];
-               u32 latm_frame_size = 4096;
+               u8 latm_buffer[LATM_DMX_MAX_SIZE];
+               u32 latm_frame_size = LATM_DMX_MAX_SIZE;
                if (!latm_dmx_sync_frame_bs(ctx->bs,&ctx->acfg, &latm_frame_size, latm_buffer, NULL)) break;
 
                if (ctx->in_seek) {
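Review bot: At the `latm_dmx_sync_frame_bs` call, a false return now covers two different conditions, and the loop `break`s on both: too few bytes buffered so far, and a declared frame length above `LATM_DMX_MAX_SIZE`. If the code after the loop (outside this hunk) keeps unconsumed input to retry on the next call, a stream with an oversize length field may be re-parsed at the same position each time instead of being skipped, which is worth confirming. A comment here such as `/* false also means frame > LATM_DMX_MAX_SIZE, not only short input */` would document this. Writing `u32 latm_frame_size = sizeof(latm_buffer);` would keep the passed capacity tied to the array itself.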