From 994814594ab0c51adbd5db2b7c5423bb6d940a37 Mon Sep 17 00:00:00 2001 From: Nikita Egorov Date: Thu, 15 Mar 2018 18:16:37 +0300 Subject: [PATCH] Append size check in scte35_validate. In function scte35_validate psi_check_crc call execute without data size check. The syntax flag in scte35 PSI by definition is false so psi_validate will be true. In such case scte35_validate may overflow on zero length PSI size. --- scte/35.h | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/scte/35.h b/scte/35.h index 2b1ba17..7284f32 100644 --- a/scte/35.h +++ b/scte/35.h @@ -670,7 +670,8 @@ static inline bool scte35_private_validate(const uint8_t *p_scte35) static inline bool scte35_validate(const uint8_t *p_scte35) { if (psi_get_syntax(p_scte35) || - psi_get_tableid(p_scte35) != SCTE35_TABLE_ID) + psi_get_tableid(p_scte35) != SCTE35_TABLE_ID || + psi_get_length(p_scte35) < SCTE35_HEADER2_SIZE + PSI_CRC_SIZE) return false; if (!psi_check_crc(p_scte35))