GNOME Bugzilla – Bug 736490
tsdemux: fix overflow of packet_length field of PESHeader
Last modified: 2014-09-12 12:43:19 UTC
If packet_length of a PES packet is greater than 65529, packet_length field of PESHeader structure, defined as a guin16, will overflow due to the fact that we add 6 bytes to it since commit d0e8427b4e7735bf5abc5cff18a03483cee1d9b5 So I will propose a patch which use a guint32 to store packet_length instead of a guint16. You can reproduced the issue with the attached stream.
Created attachment 285937 [details] [review] tsdemux: fix overflow of packet_length field of PESHeader Patch proposal to fix the issue. It defines packet_length as a guint32 instead of a guint16.
Are you going to attach the stream as well? :)
Created attachment 285988 [details] MPEG-TS stream which causes the packet_length overflow Stream which causes the following error due to packet_length overflow: gst-plugins-bad/gst/mpegtsdemux/tsdemux.c:1806:gst_ts_demux_parse_pes_header: invalid header and packet size combination But in order to have the video stream, which is a Chinese AVS video, you will need patch provided in 727731 (I will rebase them agains the master branch).
(should also be backported to 1.4 branch imho) commit 6d767a09d8b85918304115255dbaacdac644a7d2 Author: Aurélien Zanelli <aurelien.zanelli@parrot.com> Date: Thu Sep 11 18:33:20 2014 +0200 tsdemux: fix overflow of packet_length field of PESHeader packet_length is defined as a guint16 in the PESHeader structure. This definition match the specification. But since we add 6 bytes to the packet_length value (length of start_code + stream_id + packet_length), we can overflow the guint16 when the value in the PES header is greater than 65529. So use a guint32 instead of a guint16 to avoid overflow. https://bugzilla.gnome.org/show_bug.cgi?id=736490