[PATCH] rfadts: add size guard on dmx (#2400)
authorAurelien David <aurelien.david@telecom-paristech.fr>
Thu, 16 Feb 2023 16:34:58 +0000 (17:34 +0100)
committerAron Xu <aron@debian.org>
Tue, 23 May 2023 11:53:25 +0000 (12:53 +0100)
Gbp-Pq: Name CVE-2023-0866.patch

src/filters/reframe_adts.c

index 734410c4de44f1d28008fb826e01b1329ae14862..2746e5b602241bfece4ed334ca39ede8394c50ef 100644 (file)
@@ -256,7 +256,7 @@ static void adts_dmx_check_dur(GF_Filter *filter, GF_ADTSDmxCtx *ctx)
                        gf_filter_pid_set_property(ctx->opid, GF_PROP_PID_DURATION, & PROP_FRAC64(ctx->duration));
                }
        }
-       
+
        p = gf_filter_pid_get_property(ctx->ipid, GF_PROP_PID_FILE_CACHED);
        if (p && p->value.boolean) ctx->file_loaded = GF_TRUE;
        gf_filter_pid_set_property(ctx->opid, GF_PROP_PID_CAN_DATAREF, & PROP_BOOL(GF_TRUE ) );
@@ -715,6 +715,12 @@ GF_Err adts_dmx_process(GF_Filter *filter)
                }
 
                if (!ctx->in_seek) {
+
+                       if (sync_pos + offset + size > remain) {
+                               GF_LOG(GF_LOG_WARNING, GF_LOG_MEDIA, ("[ADTSDmx] truncated frame\n"));
+                               break;
+                       }
+
                        dst_pck = gf_filter_pck_new_alloc(ctx->opid, size, &output);
                        if (ctx->src_pck) gf_filter_pck_merge_properties(ctx->src_pck, dst_pck);
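Review bot: The added guard `if (sync_pos + offset + size > remain)` sums three values before comparing, so it is only sound if that sum cannot wrap. The declarations of `sync_pos`, `offset`, `size` and `remain` are outside the hunk, so this cannot be confirmed from here. If they are fixed-width unsigned integers, a form that never adds is safer: `if (sync_pos > remain || offset > remain - sync_pos || size > remain - sync_pos - offset)`. The check also sits inside `if (!ctx->in_seek)`, and the body of `adts_dmx_process` continues past the hunk, so it is worth confirming that no read of the frame payload happens on the seek path without the same bound. For triage, the warning could report `size` and the bytes remaining, and a short comment such as `/* frame payload must lie fully inside the input buffer before it is copied */` would record what the guard protects.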