diff --git a/ChangeLog b/ChangeLog
index a87ddf4216..c7e44b14d7 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,11 @@
+2008-01-24 Zaheer Abbas Merali
+
+ * gst/mpegtsparse/gstmpegdesc.h:
+ * gst/mpegtsparse/mpegtspacketizer.c:
+ Fix network name descriptor, the length is actually the
+ descriptor length not stored in the byte after.
+ Fix bounds checking to be more correct.
+
 2008-01-24 Zaheer Abbas Merali
 * gst/mpegtsparse/gstmpegdesc.h:
diff --git a/gst/mpegtsparse/gstmpegdesc.h b/gst/mpegtsparse/gstmpegdesc.h
index f1ed7453ca..b75f6eb7b1 100644
--- a/gst/mpegtsparse/gstmpegdesc.h
+++ b/gst/mpegtsparse/gstmpegdesc.h
@@ -241,8 +241,8 @@
 #define DESC_DVB_STREAM_IDENTIFIER_component_tag(desc) (desc[2])
 /* DVB Network Name descriptor */
-#define DESC_DVB_NETWORK_NAME_length(desc) (GST_READ_UINT8((desc)+2))
-#define DESC_DVB_NETWORK_NAME_text(desc) (desc+3)
+#define DESC_DVB_NETWORK_NAME_length(desc) (GST_READ_UINT8((desc)+1))
+#define DESC_DVB_NETWORK_NAME_text(desc) (desc+2)
 /* DVB Service Descriptor */
 #define DESC_DVB_SERVICE_type(desc) (desc[2])
diff --git a/gst/mpegtsparse/mpegtspacketizer.c b/gst/mpegtsparse/mpegtspacketizer.c
index 93ed387977..d4c050418f 100644
--- a/gst/mpegtsparse/mpegtspacketizer.c
+++ b/gst/mpegtsparse/mpegtspacketizer.c
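Review bot: In the gstmpegdesc.h hunk, `DESC_DVB_NETWORK_NAME_text(desc)` expands its argument unparenthesized while the length macro beside it uses `(desc)`, so an expression argument would bind differently in the two; I would write `#define DESC_DVB_NETWORK_NAME_text(desc) ((desc)+2)`. The `/* DVB Network Name descriptor */` comment could also say that the name has no length byte of its own and occupies the whole descriptor body, because the parse_nit change in this commit drops its bounds check on that basis.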
@@ -613,22 +613,20 @@ mpegts_packetizer_parse_nit (MpegTSPacketizer * packetizer,
 gst_mpeg_descriptor_find (mpegdescriptor, DESC_DVB_NETWORK_NAME);
 if (networkname_descriptor != NULL) {
 gchar *networkname_tmp;
- guint networkname_length =
+
+ /* No need to bounds check this value as it comes from the descriptor length itself */
+ guint8 networkname_length =
 DESC_DVB_NETWORK_NAME_length (networkname_descriptor);
 gchar *networkname =
 (gchar *) DESC_DVB_NETWORK_NAME_text (networkname_descriptor);
- if ((guint8 *) networkname + networkname_length <
- networkname_descriptor + DESC_LENGTH (networkname_descriptor)) {
-
- if (networkname[0] < 0x20) {
- networkname_length -= 1;
- networkname += 1;
- }
- networkname_tmp = g_strndup (networkname, networkname_length);
- gst_structure_set (nit, "network-name", G_TYPE_STRING, networkname_tmp,
- NULL);
- g_free (networkname_tmp);
+ if (networkname[0] < 0x20) {
+ networkname_length -= 1;
+ networkname += 1;
 }
+ networkname_tmp = g_strndup (networkname, networkname_length);
+ gst_structure_set (nit, "network-name", G_TYPE_STRING, networkname_tmp,
+ NULL);
+ g_free (networkname_tmp);
 }
 gst_mpeg_descriptor_free (mpegdescriptor);
@@ -1119,11 +1117,8 @@ mpegts_packetizer_parse_sdt (MpegTSPacketizer * packetizer,
 DESC_DVB_SERVICE_name_length (service_descriptor);
 gchar *servicename =
 (gchar *) DESC_DVB_SERVICE_name_text (service_descriptor);
- if ((guint8 *) servicename + servicename_length <
- service_descriptor + DESC_LENGTH (service_descriptor)
- && (guint8 *) serviceprovider_name + serviceprovider_name_length <
- service_descriptor + DESC_LENGTH (service_descriptor)) {
-
+ if (servicename_length + serviceprovider_name_length + 2 <=
+ DESC_LENGTH (service_descriptor)) {
 if (servicename[0] < 0x20) {
 servicename_length -= 1;
 servicename += 1;
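Review bot: In mpegts_packetizer_parse_nit the new `if (networkname[0] < 0x20)` runs even when the descriptor length is 0: it then reads the byte after the descriptor, and if that byte is below 0x20 the `guint8` `networkname_length -= 1` wraps to 255, so `g_strndup` can copy up to 255 bytes from beyond the descriptor into the "network-name" field. Guard the strip with the length, `if (networkname_length > 0 && networkname[0] < 0x20) {`. The comment's claim that no bounds check is needed also depends on gst_mpeg_descriptor_find having checked the descriptor length against the section buffer, which is not visible in this hunk and should be confirmed. The same unguarded `[0] < 0x20` then `-= 1` pattern sits in the context lines of the parse_sdt and parse_eit hunks.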
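Review bot: The constant in the new parse_sdt check, `servicename_length + serviceprovider_name_length + 2 <= DESC_LENGTH (service_descriptor)`, looks one short. Assuming the EN 300 468 service descriptor layout (service type, provider-name length, provider name, service-name length, service name; the accessor macros are outside this hunk, so confirm in gstmpegdesc.h), the body carries three fixed bytes, and `+ 2` accepts a descriptor whose service name ends one byte past its declared length; `+ 3` would match. The parse_eit hunk uses the same `+ 2`, where the short event descriptor also carries a 3-byte language code before the name length, so five fixed bytes would be expected there. A short comment on each check naming the fixed bytes being counted would make the constant reviewable.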
@@ -1346,10 +1341,8 @@ mpegts_packetizer_parse_eit (MpegTSPacketizer * packetizer,
 DESC_DVB_SHORT_EVENT_description_length (event_descriptor);
 gchar *eventdescription =
 (gchar *) DESC_DVB_SHORT_EVENT_description_text (event_descriptor);
- if ((guint8 *) eventname + eventname_length <
- event_descriptor + DESC_LENGTH (event_descriptor)
- && (guint8 *) eventdescription + eventdescription_length <
- event_descriptor + DESC_LENGTH (event_descriptor)) {
+ if (eventname_length + eventdescription_length + 2 <=
+ DESC_LENGTH (event_descriptor)) {
 if (eventname[0] < 0x20) {
 eventname_length -= 1;
 eventname += 1;