From c21135ddd32ac7f306f5c50a5c78f946648e36ae Mon Sep 17 00:00:00 2001 From: Zaheer Abbas Merali Date: Thu, 24 Jan 2008 08:12:29 +0000 Subject: gst/mpegtsparse/: Fix network name descriptor, the length is actually the descriptor length not stored in the byte af... Original commit message from CVS: * gst/mpegtsparse/gstmpegdesc.h: * gst/mpegtsparse/mpegtspacketizer.c: Fix network name descriptor, the length is actually the descriptor length not stored in the byte after. Fix bounds checking to be more correct. --- ChangeLog | 8 ++++++++ gst/mpegtsparse/gstmpegdesc.h | 4 ++-- gst/mpegtsparse/mpegtspacketizer.c | 35 ++++++++++++++--------------------- 3 files changed, 24 insertions(+), 23 deletions(-) diff --git a/ChangeLog b/ChangeLog index a87ddf42..c7e44b14 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,11 @@ +2008-01-24 Zaheer Abbas Merali + + * gst/mpegtsparse/gstmpegdesc.h: + * gst/mpegtsparse/mpegtspacketizer.c: + Fix network name descriptor, the length is actually the + descriptor length not stored in the byte after. + Fix bounds checking to be more correct. + 2008-01-24 Zaheer Abbas Merali * gst/mpegtsparse/gstmpegdesc.h: diff --git a/gst/mpegtsparse/gstmpegdesc.h b/gst/mpegtsparse/gstmpegdesc.h index f1ed7453..b75f6eb7 100644 --- a/gst/mpegtsparse/gstmpegdesc.h +++ b/gst/mpegtsparse/gstmpegdesc.h @@ -241,8 +241,8 @@ #define DESC_DVB_STREAM_IDENTIFIER_component_tag(desc) (desc[2]) /* DVB Network Name descriptor */ -#define DESC_DVB_NETWORK_NAME_length(desc) (GST_READ_UINT8((desc)+2)) -#define DESC_DVB_NETWORK_NAME_text(desc) (desc+3) +#define DESC_DVB_NETWORK_NAME_length(desc) (GST_READ_UINT8((desc)+1)) +#define DESC_DVB_NETWORK_NAME_text(desc) (desc+2) /* DVB Service Descriptor */ #define DESC_DVB_SERVICE_type(desc) (desc[2]) diff --git a/gst/mpegtsparse/mpegtspacketizer.c b/gst/mpegtsparse/mpegtspacketizer.c index 93ed3879..d4c05041 100644 --- a/gst/mpegtsparse/mpegtspacketizer.c +++ b/gst/mpegtsparse/mpegtspacketizer.c @@ -613,22 +613,20 @@ mpegts_packetizer_parse_nit (MpegTSPacketizer * packetizer, gst_mpeg_descriptor_find (mpegdescriptor, DESC_DVB_NETWORK_NAME); if (networkname_descriptor != NULL) { gchar *networkname_tmp; - guint networkname_length = + + /* No need to bounds check this value as it comes from the descriptor length itself */ + guint8 networkname_length = DESC_DVB_NETWORK_NAME_length (networkname_descriptor); gchar *networkname = (gchar *) DESC_DVB_NETWORK_NAME_text (networkname_descriptor); - if ((guint8 *) networkname + networkname_length < - networkname_descriptor + DESC_LENGTH (networkname_descriptor)) { - - if (networkname[0] < 0x20) { - networkname_length -= 1; - networkname += 1; - } - networkname_tmp = g_strndup (networkname, networkname_length); - gst_structure_set (nit, "network-name", G_TYPE_STRING, networkname_tmp, - NULL); - g_free (networkname_tmp); + if (networkname[0] < 0x20) { + networkname_length -= 1; + networkname += 1; } + networkname_tmp = g_strndup (networkname, networkname_length); + gst_structure_set (nit, "network-name", G_TYPE_STRING, networkname_tmp, + NULL); + g_free (networkname_tmp); } gst_mpeg_descriptor_free (mpegdescriptor); @@ -1119,11 +1117,8 @@ mpegts_packetizer_parse_sdt (MpegTSPacketizer * packetizer, DESC_DVB_SERVICE_name_length (service_descriptor); gchar *servicename = (gchar *) DESC_DVB_SERVICE_name_text (service_descriptor); - if ((guint8 *) servicename + servicename_length < - service_descriptor + DESC_LENGTH (service_descriptor) - && (guint8 *) serviceprovider_name + serviceprovider_name_length < - service_descriptor + DESC_LENGTH (service_descriptor)) { - + if (servicename_length + serviceprovider_name_length + 2 <= + DESC_LENGTH (service_descriptor)) { if (servicename[0] < 0x20) { servicename_length -= 1; servicename += 1; @@ -1346,10 +1341,8 @@ mpegts_packetizer_parse_eit (MpegTSPacketizer * packetizer, DESC_DVB_SHORT_EVENT_description_length (event_descriptor); gchar *eventdescription = (gchar *) DESC_DVB_SHORT_EVENT_description_text (event_descriptor); - if ((guint8 *) eventname + eventname_length < - event_descriptor + DESC_LENGTH (event_descriptor) - && (guint8 *) eventdescription + eventdescription_length < - event_descriptor + DESC_LENGTH (event_descriptor)) { + if (eventname_length + eventdescription_length + 2 <= + DESC_LENGTH (event_descriptor)) { if (eventname[0] < 0x20) { eventname_length -= 1; eventname += 1; -- cgit v1.2.1