From bad5510ec180ecd4fb856e3ff63812d8f8496e4a Mon Sep 17 00:00:00 2001
From: Kieran Kunhya <kierank@obe.tv>
Date: Sun, 3 Oct 2021 17:53:56 +0100
Subject: [PATCH] scte104: Add bounds checking to validate functions

---
 scte/104.h | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/scte/104.h b/scte/104.h
index 9e2ab47..e19b869 100644
--- a/scte/104.h
+++ b/scte/104.h
@@ -275,9 +275,11 @@ static inline uint8_t *scte104s_get_data(const uint8_t *p, uint16_t *pi_size)
     return (uint8_t *)&p[13];
 }
 
-static inline bool scte104s_validate(const uint8_t *p)
+static inline bool scte104s_validate(const uint8_t *p, const int buf_size)
 {
     uint16_t i_size = scte104_get_size(p);
+    if (buf_size < i_size)
+        return false;
     if (i_size < SCTE104S_HEADER_SIZE)
         return false;
 
@@ -405,9 +407,11 @@ static inline uint8_t *scte104m_get_op(const uint8_t *p, uint8_t i_op)
     return (uint8_t *)p;
 }
 
-static inline bool scte104m_validate(const uint8_t *p)
+static inline bool scte104m_validate(const uint8_t *p, const int buf_size)
 {
     uint16_t i_size = scte104_get_size(p);
+    if (buf_size < i_size)
+        return false;
     if (i_size < SCTE104M_HEADER_SIZE + SCTE104T_HEADER_SIZE)
         return false;