/****************************************************************************
* gathering stuff
****************************************************************************/
-static int ParsePESHeader( demux_t *p_demux, const uint8_t *p_header,
+static int ParsePESHeader( demux_t *p_demux, const uint8_t *p_header, size_t i_header,
unsigned *pi_skip, mtime_t *pi_dts, mtime_t *pi_pts )
{
unsigned i_skip;
+ if ( i_header < 9 )
+ return VLC_EGENERIC;
+
switch( p_header[3] )
{
case 0xBC: /* Program stream map */
{
/* mpeg2 PES */
i_skip = p_header[8] + 9;
+ if( i_header < i_skip )
+ return VLC_EGENERIC;
if( p_header[7]&0x80 ) /* has pts */
{
+ if( i_header < 9 + 5 )
+ return VLC_EGENERIC;
*pi_pts = ExtractPESTimestamp( &p_header[9] );
if( p_header[7]&0x40 ) /* has dts */
+ {
+ if( i_header < 14 + 5 )
+ return VLC_EGENERIC;
*pi_dts = ExtractPESTimestamp( &p_header[14] );
+ }
}
}
else
{
i_skip = 6;
+ if( i_header < i_skip + 1 )
+ return VLC_EGENERIC;
while( i_skip < 23 && p_header[i_skip] == 0xff )
{
i_skip++;
+ if( i_header < i_skip + 1 )
+ return VLC_EGENERIC;
}
if( i_skip == 23 )
{
i_skip += 2;
}
+ if( i_header < i_skip + 1 )
+ return VLC_EGENERIC;
+
if( p_header[i_skip]&0x20 )
{
+ if( i_header < i_skip + 5 )
+ return VLC_EGENERIC;
*pi_pts = ExtractPESTimestamp( &p_header[i_skip] );
if( p_header[i_skip]&0x10 ) /* has dts */
{
+ if( i_header < i_skip + 10 )
+ return VLC_EGENERIC;
*pi_dts = ExtractPESTimestamp( &p_header[i_skip+5] );
i_skip += 10;
}
break;
}
+ if( i_header < i_skip )
+ return VLC_EGENERIC;
+
*pi_skip = i_skip;
return VLC_SUCCESS;
}
mtime_t i_pts = -1;
mtime_t i_length = 0;
- /* FIXME find real max size */
const int i_max = block_ChainExtract( p_pes, header, 34 );
- assert(i_max >= 34);
- if (unlikely(i_max < 34))
+ if ( i_max < 4 )
{
block_ChainRelease( p_pes );
return;
return;
}
- /* TODO check size */
- if( ParsePESHeader( p_demux, (uint8_t*)&header, &i_skip, &i_dts, &i_pts ) == VLC_EGENERIC )
+ if( ParsePESHeader( p_demux, (uint8_t*)&header, i_max, &i_skip, &i_dts, &i_pts ) == VLC_EGENERIC )
{
block_ChainRelease( p_pes );
return;
unsigned i_skip = 4;
if ( p_pkt->p_buffer[3] & 0x20 ) // adaptation field
{
- i_pcr = GetPCR( p_pkt );
- i_skip += 1 + p_pkt->p_buffer[4];
+ if( p_pkt->i_buffer >= 4 + 2 + 5 )
+ {
+ i_pcr = GetPCR( p_pkt );
+ i_skip += 1 + p_pkt->p_buffer[4];
+ }
}
else
{
mtime_t i_dts = -1;
mtime_t i_pts = -1;
- if ( VLC_SUCCESS == ParsePESHeader( p_demux, &p_pkt->p_buffer[i_skip], &i_skip, &i_dts, &i_pts ) )
+ if ( VLC_SUCCESS == ParsePESHeader( p_demux, &p_pkt->p_buffer[i_skip],
+ p_pkt->i_buffer - i_skip, &i_skip, &i_dts, &i_pts ) )
{
if( i_dts > -1 )
i_pcr = i_dts;
{
bool b_pcrresult = true;
- *pi_pcr = GetPCR( p_pkt );
+ if( p_pkt->i_buffer >= 4 + 2 + 5 )
+ *pi_pcr = GetPCR( p_pkt );
if( *pi_pcr == -1 )
{
if ( p_pkt->p_buffer[3] & 0x20 ) // adaptation field
i_skip += 1 + p_pkt->p_buffer[4];
- if ( VLC_SUCCESS == ParsePESHeader( p_demux, &p_pkt->p_buffer[i_skip], &i_skip, &i_dts, &i_pts ) )
+ if ( VLC_SUCCESS == ParsePESHeader( p_demux, &p_pkt->p_buffer[i_skip],
+ p_pkt->i_buffer - i_skip,
+ &i_skip, &i_dts, &i_pts ) )
{
if( i_dts != -1 )
*pi_pcr = i_dts;