mirrors/gstreamer
mirrors/gstreamer
1
1
Fork 0
mirror of https://gitlab.freedesktop.org/gstreamer/gstreamer.git synced 2024-10-04 09:42:19 +00:00
Code Issues 1 Projects Releases Wiki Activity

oggdemux: Handle invalid-sized packets

Browse source 
On invalid packets there is the possibility we might end up wanting
to trim/offset more than what is available.

oss-fuzz issue #5866
This commit is contained in:
Edward Hervey 2018-02-01 10:40:28 +01:00 committed by Edward Hervey
parent dbae19773a
commit 0d14819ef2
1 changed files with 9 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
ext/ogg/gstoggdemux.c
View file

@ -778,7 +778,9 @@ gst_ogg_demux_chain_peer (GstOggPad * pad, ogg_packet * packet,
pad->prev_granule = pad->current_granule;
}
if (pad->map.is_ogm_text) {
if (G_UNLIKELY (offset + trim > packet->bytes))
goto invalid_packet;
else if (pad->map.is_ogm_text) {
/* check for invalid buffer sizes */
if (G_UNLIKELY (offset + trim >= packet->bytes))
goto empty_packet;
@ -901,6 +903,12 @@ empty_packet:
goto done;
}
invalid_packet:
{
GST_DEBUG_OBJECT (ogg, "Skipping invalid packet");
goto done;
}
no_timestamp:
{
GST_DEBUG_OBJECT (ogg, "skipping packet: no valid granule found yet");