demux: stl: fix heap-buffer-overflow

According to the spec, calloc can return NULL or a unique pointer value if
either of the arguments is 0, depending on the implementation. Add a guard to
prevent allocation by returning an error in the above case.

Signed-off-by: Thomas Guillem <>
shalzz authored and tguillem committed Jul 4, 2017
1 parent 89b077e commit 7033852e1a8292734e1d5800bec864bb5fb24c30
Showing with 2 additions and 0 deletions.
  1. +2 −0 modules/demux/stl.c
@@ -242,6 +242,8 @@ static int Open(vlc_object_t *object)
const int cct = ParseInteger(&header[12], 2);
const mtime_t program_start = ParseTextTimeCode(&header[256], fps);
const size_t tti_count = ParseInteger(&header[238], 5);
if (!tti_count)
msg_Dbg(demux, "Detected EBU STL : CCT=%d TTI=%zu start=%8.8s %"PRId64, cct, tti_count, &header[256], program_start);

demux_sys_t *sys = malloc(sizeof(*sys));
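
Review bot: the `if (!tti_count)` guard in Open() is shown here without a statement of its own, so as rendered the `msg_Dbg(...)` call that follows becomes its body and nothing returns before the `malloc`. The commit message says the zero case returns an error and the summary counts 2 additions, so confirm the second added line is the return, and consider bracing the guard so the early exit cannot be separated from its condition by a later edit. Since the exit sits ahead of the "Detected EBU STL" debug line, a header rejected for `TTI=0` leaves no trace in the log; a short debug or warning message inside the guard would make that rejection visible when triaging malformed files. Separately, `cct` is stored as `int` from the same `ParseInteger` helper while `tti_count` is `size_t`: if the helper can return a negative value, the conversion would yield a very large count that this zero check does not catch, so it is worth checking the helper's range or validating the value before it is converted.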
