From 6d767a09d8b85918304115255dbaacdac644a7d2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Aur=C3=A9lien=20Zanelli?= Date: Thu, 11 Sep 2014 18:33:20 +0200 Subject: [PATCH] tsdemux: fix overflow of packet_length field of PESHeader packet_length is defined as a guint16 in the PESHeader structure. This definition match the specification. But since we add 6 bytes to the packet_length value (length of start_code + stream_id + packet_length), we can overflow the guint16 when the value in the PES header is greater than 65529. So use a guint32 instead of a guint16 to avoid overflow. https://bugzilla.gnome.org/show_bug.cgi?id=736490 --- gst/mpegtsdemux/pesparse.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gst/mpegtsdemux/pesparse.h b/gst/mpegtsdemux/pesparse.h index 1d7d870e2c..a1600d33f5 100644 --- a/gst/mpegtsdemux/pesparse.h +++ b/gst/mpegtsdemux/pesparse.h @@ -143,7 +143,7 @@ typedef enum { typedef struct { guint8 stream_id; /* See ID_* above */ - guint16 packet_length; /* The size of the PES header and PES data + guint32 packet_length; /* The size of the PES header and PES data * (if 0 => unbounded packet) */ guint16 header_size; /* The complete size of the PES header */