Fixed buffer overflow in h264 unpacketizer (#3434)

sauwming 2023-03-14 10:25:46 +08:00 committed by GitHub
parent b4184bb56d
commit fd6125c4dd
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 4 additions and 1 deletions


@ -437,6 +437,9 @@ PJ_DEF(pj_status_t) pjmedia_h264_unpacketize(pjmedia_h264_packetizer *pktz,
while (q < q_end && p < p_end) {
pj_uint16_t tmp_nal_size;
if (p + pktz->cfg.unpack_nal_start > p_end)
return PJ_EINVAL;
/* Write NAL unit start code */
pj_memcpy(p, nal_start_code, pktz->cfg.unpack_nal_start);
p += pktz->cfg.unpack_nal_start;
@ -444,7 +447,7 @@ PJ_DEF(pj_status_t) pjmedia_h264_unpacketize(pjmedia_h264_packetizer *pktz,
/* Get NAL unit size */
tmp_nal_size = (*q << 8) | *(q+1);
q += 2;
if (q + tmp_nal_size > q_end) {
if (p + tmp_nal_size > p_end || q + tmp_nal_size > q_end) {
/* Invalid bitstream, discard the rest of the payload */
return PJ_EINVAL;
}
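Review bot: The NAL size read `tmp_nal_size = (*q << 8) | *(q+1);` in the second hunk is still guarded only by the loop condition `q < q_end`, so a payload with a single byte left at that point makes `*(q+1)` read one byte past the input, unless the one line not shown between the two hunks already checks this. A guard such as `if (q_end - q < 2) return PJ_EINVAL;` ahead of the read would close that gap. The added checks also form `p + pktz->cfg.unpack_nal_start` and `p + tmp_nal_size` before comparing, which is undefined once the sum goes beyond one past the end of the buffer; comparing the remaining length instead, e.g. `if ((pj_size_t)(p_end - p) < tmp_nal_size || (pj_size_t)(q_end - q) < tmp_nal_size)`, avoids relying on that. The loop body starts and continues outside the visible hunks, so the copy that consumes `tmp_nal_size` is not shown here.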