From b964fe4226f1424cf676d5822ef898b6b01f5937 Mon Sep 17 00:00:00 2001
From: Aurelien David <aurelien.david@telecom-paristech.fr>
Date: Thu, 16 Feb 2023 17:34:58 +0100
Subject: [PATCH] rfadts: add size guard on dmx (#2400)

---
 src/filters/reframe_adts.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/src/filters/reframe_adts.c b/src/filters/reframe_adts.c
index 80c98e522e..818273e58e 100644
--- a/src/filters/reframe_adts.c
+++ b/src/filters/reframe_adts.c
@@ -300,7 +300,7 @@ static void adts_dmx_check_dur(GF_Filter *filter, GF_ADTSDmxCtx *ctx)
 			}
 		}
 	}
-	
+
 	p = gf_filter_pid_get_property(ctx->ipid, GF_PROP_PID_FILE_CACHED);
 	if (p && p->value.boolean) ctx->file_loaded = GF_TRUE;
 }
@@ -824,6 +824,12 @@ GF_Err adts_dmx_process(GF_Filter *filter)
 		}
 
 		if (!ctx->in_seek) {
+
+			if (sync_pos + offset + size > remain) {
+				GF_LOG(GF_LOG_WARNING, GF_LOG_MEDIA, ("[ADTSDmx] truncated frame\n"));
+				break;
+			}
+
 			dst_pck = gf_filter_pck_new_alloc(ctx->opid, size, &output);
 			if (!dst_pck) return GF_OUT_OF_MEM;
 			if (ctx->src_pck) gf_filter_pck_merge_properties(ctx->src_pck, dst_pck);