mirror of
https://gitlab.freedesktop.org/gstreamer/gstreamer.git
synced 2024-11-27 12:11:13 +00:00
mpegtsparse: check offset when retrieving table_id on malformed packets
This commit is contained in:
parent
63110cab94
commit
e62978d045
1 changed files with 17 additions and 6 deletions
|
@ -222,11 +222,9 @@ mpegts_parse_base_init (gpointer klass)
|
|||
{
|
||||
GstElementClass *element_class = GST_ELEMENT_CLASS (klass);
|
||||
|
||||
gst_element_class_add_static_pad_template (element_class,
|
||||
&sink_template);
|
||||
gst_element_class_add_static_pad_template (element_class, &sink_template);
|
||||
gst_element_class_add_static_pad_template (element_class, &src_template);
|
||||
gst_element_class_add_static_pad_template (element_class,
|
||||
&program_template);
|
||||
gst_element_class_add_static_pad_template (element_class, &program_template);
|
||||
|
||||
gst_element_class_set_details_simple (element_class,
|
||||
"MPEG transport stream parser", "Codec/Parser",
|
||||
|
@ -894,6 +892,19 @@ mpegts_parse_is_psi (MpegTSParse * parse, MpegTSPacketizerPacket * packet)
|
|||
if (packet->payload_unit_start_indicator) {
|
||||
data = packet->data;
|
||||
pointer = *data++;
|
||||
/* avoid out of range:
|
||||
* packet->data is equal to GST_BUFFER_DATA (packet->buffer)
|
||||
* so the data size is GST_BUFFER_SIZE (packet->buffer).
|
||||
* 'pointer' is the offset (the next line is data += pointer)
|
||||
* so we need to check that 'pointer' is not greater than the data size
|
||||
* For example GST_BUFFER_SIZE (packet->buffer) is typically equal to 188
|
||||
* So 'pointer' has to be strictly less than 188
|
||||
*/
|
||||
if (!(pointer < GST_BUFFER_SIZE (packet->buffer))) {
|
||||
GST_WARNING_OBJECT (parse,
|
||||
"Wrong offset when retrieving table id: 0x%x", pointer);
|
||||
return FALSE;
|
||||
}
|
||||
data += pointer;
|
||||
table_id = *data;
|
||||
i = 0;
|
||||
|
|
Loading…
Reference in a new issue