From 3812d7755cf8a4ebde2690adb95cd7e97bbf2a72 Mon Sep 17 00:00:00 2001
From: Jaroslav Kysela <perex@perex.cz>
Date: Thu, 13 Sep 2018 08:41:17 +0200
Subject: [PATCH] tvhcsa: add invalid offset check for CSA descramble

---
 src/descrambler/tvhcsa.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/descrambler/tvhcsa.c b/src/descrambler/tvhcsa.c
index 259882e7e..31b906d01 100644
--- a/src/descrambler/tvhcsa.c
+++ b/src/descrambler/tvhcsa.c
@@ -122,6 +122,8 @@ tvhcsa_csa_cbc_descramble
      pkt[3] &= 0x3f;  // consider it decrypted now
      if(pkt[3] & 0x20) { // incomplete packet
        offset = 4 + pkt[4] + 1;
+       if (offset > 187) // invalid offset
+         break;
        len = 188 - offset;
        n = len >> 3;
        // FIXME: //residue = len - (n << 3);
-- 
2.47.3