From 92b4203644593e595b34094b5acafeb37219fa41 Mon Sep 17 00:00:00 2001
From: Johns <johns98@gmx.net>
Date: Fri, 19 Oct 2012 15:36:41 +0200
Subject: Fix bug: possible endless loop in pes audio parser.

---
 softhddev.c | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

(limited to 'softhddev.c')

diff --git a/softhddev.c b/softhddev.c
index d2eee03..5b48fa8 100644
--- a/softhddev.c
+++ b/softhddev.c
@@ -718,13 +718,16 @@ static void PesParse(PesDemux * pesdx, const uint8_t * data, int size,
 
 		// have header upto size bits
 		if (pesdx->HeaderIndex == PES_HEADER_SIZE) {
-		    if ((pesdx->Header[6] & 0xC0) == 0x80) {
-			pesdx->HeaderSize += pesdx->Header[8];
-		    } else {
+		    if ((pesdx->Header[6] & 0xC0) != 0x80) {
 			Error(_("pesdemux: mpeg1 pes packet unsupported\n"));
 			pesdx->State = PES_SKIP;
 			return;
 		    }
+		    // have pes extension
+		    if (!pesdx->Header[8]) {
+			goto empty_header;
+		    }
+		    pesdx->HeaderSize += pesdx->Header[8];
 		    // have complete header
 		} else if (pesdx->HeaderIndex == pesdx->HeaderSize) {
 		    int64_t pts;
@@ -753,6 +756,7 @@ static void PesParse(PesDemux * pesdx, const uint8_t * data, int size,
 			    pts, dts);
 		    }
 
+		  empty_header:
 		    pesdx->State = PES_INIT;
 		    if (pesdx->StartCode == PES_PRIVATE_STREAM1) {
 			// only private stream 1, has sub streams
-- 
cgit v1.2.3