From 004412848720a29b999b1b85adb6889c32884605 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tim-Philipp=20M=C3=BCller?= Date: Fri, 21 Aug 2009 02:58:58 +0100 Subject: [PATCH] typefinders: skip ffmpeg typefinders if there isn't enough data ffmpeg typefinders don't do bounds checking for small chunks of data, so just skip them if we don't have a lot of data, to avoid invalid memory access and/or crashes. --- ext/ffmpeg/gstffmpegdemux.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/ext/ffmpeg/gstffmpegdemux.c b/ext/ffmpeg/gstffmpegdemux.c index 36814976c1..6a8438fb4f 100644 --- a/ext/ffmpeg/gstffmpegdemux.c +++ b/ext/ffmpeg/gstffmpegdemux.c @@ -1252,6 +1252,8 @@ no_info: } #define GST_FFMPEG_TYPE_FIND_SIZE 4096 +#define GST_FFMPEG_TYPE_FIND_MIN_SIZE 256 + static void gst_ffmpegdemux_type_find (GstTypeFind * tf, gpointer priv) { @@ -1267,6 +1269,16 @@ gst_ffmpegdemux_type_find (GstTypeFind * tf, gpointer priv) if (length == 0 || length > GST_FFMPEG_TYPE_FIND_SIZE) length = GST_FFMPEG_TYPE_FIND_SIZE; + /* The ffmpeg typefinders assume there's a certain minimum amount of data + * and will happily do invalid memory access if there isn't, so let's just + * skip the ffmpeg typefinders if the data available is too short + * (in which case it's unlikely to be a media file anyway) */ + if (length < GST_FFMPEG_TYPE_FIND_MIN_SIZE) { + GST_LOG ("not typefinding %" G_GUINT64_FORMAT " bytes, too short", length); + return; + } + + GST_LOG ("typefinding %" G_GUINT64_FORMAT " bytes", length); if (in_plugin->read_probe && (data = gst_type_find_peek (tf, 0, length)) != NULL) { AVProbeData probe_data;