[Bug 775048] mpegts decoder: Out of bounds read in gst_mpegts_section_new
GStreamer (GNOME Bugzilla)
bugzilla at gnome.org
Thu Nov 24 20:44:08 UTC 2016
https://bugzilla.gnome.org/show_bug.cgi?id=775048
Sebastian Dröge (slomo) <slomo at coaxion.net> changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #340713|none |needs-work
status| |
--- Comment #2 from Sebastian Dröge (slomo) <slomo at coaxion.net> ---
Review of attachment 340713:
--> (https://bugzilla.gnome.org/review?bug=775048&attachment=340713)
Thanks for the patch, and for finding this :)
::: gst-libs/gst/mpegts/gstmpegtssection.c
@@ +1184,3 @@
/* Check for length */
section_length = GST_READ_UINT16_BE (data + 1) & 0x0FFF;
+ if (section_length < 5) {
It probably makes sense to check before reading the section length already if
data_size >= 3. I'm also not sure where the 5 comes from. We first 3 bytes, and
then *if* it is not a short section we read another 5 bytes (which should then
be checked if we don't have a short section only).
--
You are receiving this mail because:
You are the QA Contact for the bug.
You are the assignee for the bug.
More information about the gstreamer-bugs
mailing list