mirror of
https://gitlab.freedesktop.org/gstreamer/gstreamer.git
synced 2025-04-26 06:54:49 +00:00
wavparse: Check for short reads when parsing headers in pull mode
And also return the actual flow return to the caller instead of always returning GST_FLOW_ERROR. Thanks to Antonio Morales for finding and reporting the issue. Fixes GHSL-2024-258, GHSL-2024-260 Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3886 Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3888 Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8042>
This commit is contained in:
Sebastian Dröge
GStreamer Marge Bot
parent
1d1c9d63be
commit
13b48016b3
1 changed files with 46 additions and 17 deletions
|
|
@ -1097,6 +1097,24 @@ parse_ds64 (GstWavParse * wav, GstBuffer * buf)
|
||||||
return TRUE;
|
return TRUE;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static GstFlowReturn
|
||||||
|
gst_wavparse_pull_range_exact (GstWavParse * wav, guint64 offset, guint size,
|
||||||
|
GstBuffer ** buffer)
|
||||||
|
{
|
||||||
|
GstFlowReturn res;
|
||||||
|
|
||||||
|
res = gst_pad_pull_range (wav->sinkpad, offset, size, buffer);
|
||||||
|
if (res != GST_FLOW_OK)
|
||||||
|
return res;
|
||||||
|
|
||||||
|
if (gst_buffer_get_size (*buffer) < size) {
|
||||||
|
gst_clear_buffer (buffer);
|
||||||
|
return GST_FLOW_EOS;
|
||||||
|
}
|
||||||
|
|
||||||
|
return res;
|
||||||
|
}
|
||||||
|
|
||||||
static GstFlowReturn
|
static GstFlowReturn
|
||||||
gst_wavparse_stream_headers (GstWavParse * wav)
|
gst_wavparse_stream_headers (GstWavParse * wav)
|
||||||
{
|
{
|
||||||
|
|
@ -1292,9 +1310,9 @@ gst_wavparse_stream_headers (GstWavParse * wav)
|
||||||
|
|
||||||
buf = NULL;
|
buf = NULL;
|
||||||
if ((res =
|
if ((res =
|
||||||
gst_pad_pull_range (wav->sinkpad, wav->offset, 8,
|
gst_wavparse_pull_range_exact (wav, wav->offset, 8,
|
||||||
&buf)) != GST_FLOW_OK)
|
&buf)) != GST_FLOW_OK)
|
||||||
goto header_read_error;
|
goto header_pull_error;
|
||||||
gst_buffer_map (buf, &map, GST_MAP_READ);
|
gst_buffer_map (buf, &map, GST_MAP_READ);
|
||||||
tag = GST_READ_UINT32_LE (map.data);
|
tag = GST_READ_UINT32_LE (map.data);
|
||||||
size = GST_READ_UINT32_LE (map.data + 4);
|
size = GST_READ_UINT32_LE (map.data + 4);
|
||||||
|
|
@ -1397,9 +1415,9 @@ gst_wavparse_stream_headers (GstWavParse * wav)
|
||||||
gst_buffer_unref (buf);
|
gst_buffer_unref (buf);
|
||||||
buf = NULL;
|
buf = NULL;
|
||||||
if ((res =
|
if ((res =
|
||||||
gst_pad_pull_range (wav->sinkpad, wav->offset + 8,
|
gst_wavparse_pull_range_exact (wav, wav->offset + 8,
|
||||||
data_size, &buf)) != GST_FLOW_OK)
|
data_size, &buf)) != GST_FLOW_OK)
|
||||||
goto header_read_error;
|
goto header_pull_error;
|
||||||
gst_buffer_extract (buf, 0, &wav->fact, 4);
|
gst_buffer_extract (buf, 0, &wav->fact, 4);
|
||||||
wav->fact = GUINT32_FROM_LE (wav->fact);
|
wav->fact = GUINT32_FROM_LE (wav->fact);
|
||||||
gst_buffer_unref (buf);
|
gst_buffer_unref (buf);
|
||||||
|
|
@ -1444,9 +1462,9 @@ gst_wavparse_stream_headers (GstWavParse * wav)
|
||||||
gst_buffer_unref (buf);
|
gst_buffer_unref (buf);
|
||||||
buf = NULL;
|
buf = NULL;
|
||||||
if ((res =
|
if ((res =
|
||||||
gst_pad_pull_range (wav->sinkpad, wav->offset + 8,
|
gst_wavparse_pull_range_exact (wav, wav->offset + 8, size,
|
||||||
size, &buf)) != GST_FLOW_OK)
|
&buf)) != GST_FLOW_OK)
|
||||||
goto header_read_error;
|
goto header_pull_error;
|
||||||
gst_buffer_map (buf, &map, GST_MAP_READ);
|
gst_buffer_map (buf, &map, GST_MAP_READ);
|
||||||
acid = (const gst_riff_acid *) map.data;
|
acid = (const gst_riff_acid *) map.data;
|
||||||
tempo = acid->tempo;
|
tempo = acid->tempo;
|
||||||
|
|
@ -1484,9 +1502,9 @@ gst_wavparse_stream_headers (GstWavParse * wav)
|
||||||
gst_buffer_unref (buf);
|
gst_buffer_unref (buf);
|
||||||
buf = NULL;
|
buf = NULL;
|
||||||
if ((res =
|
if ((res =
|
||||||
gst_pad_pull_range (wav->sinkpad, wav->offset, 12,
|
gst_wavparse_pull_range_exact (wav, wav->offset, 12,
|
||||||
&buf)) != GST_FLOW_OK)
|
&buf)) != GST_FLOW_OK)
|
||||||
goto header_read_error;
|
goto header_pull_error;
|
||||||
gst_buffer_extract (buf, 8, <ag, 4);
|
gst_buffer_extract (buf, 8, <ag, 4);
|
||||||
ltag = GUINT32_FROM_LE (ltag);
|
ltag = GUINT32_FROM_LE (ltag);
|
||||||
}
|
}
|
||||||
|
|
@ -1513,9 +1531,9 @@ gst_wavparse_stream_headers (GstWavParse * wav)
|
||||||
buf = NULL;
|
buf = NULL;
|
||||||
if (data_size > 0) {
|
if (data_size > 0) {
|
||||||
if ((res =
|
if ((res =
|
||||||
gst_pad_pull_range (wav->sinkpad, wav->offset,
|
gst_wavparse_pull_range_exact (wav, wav->offset,
|
||||||
data_size, &buf)) != GST_FLOW_OK)
|
data_size, &buf)) != GST_FLOW_OK)
|
||||||
goto header_read_error;
|
goto header_pull_error;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
if (data_size > 0) {
|
if (data_size > 0) {
|
||||||
|
|
@ -1553,9 +1571,9 @@ gst_wavparse_stream_headers (GstWavParse * wav)
|
||||||
buf = NULL;
|
buf = NULL;
|
||||||
wav->offset += 12;
|
wav->offset += 12;
|
||||||
if ((res =
|
if ((res =
|
||||||
gst_pad_pull_range (wav->sinkpad, wav->offset,
|
gst_wavparse_pull_range_exact (wav, wav->offset,
|
||||||
data_size, &buf)) != GST_FLOW_OK)
|
data_size, &buf)) != GST_FLOW_OK)
|
||||||
goto header_read_error;
|
goto header_pull_error;
|
||||||
gst_buffer_map (buf, &map, GST_MAP_READ);
|
gst_buffer_map (buf, &map, GST_MAP_READ);
|
||||||
gst_wavparse_adtl_chunk (wav, (const guint8 *) map.data,
|
gst_wavparse_adtl_chunk (wav, (const guint8 *) map.data,
|
||||||
data_size);
|
data_size);
|
||||||
|
|
@ -1599,9 +1617,9 @@ gst_wavparse_stream_headers (GstWavParse * wav)
|
||||||
gst_buffer_unref (buf);
|
gst_buffer_unref (buf);
|
||||||
buf = NULL;
|
buf = NULL;
|
||||||
if ((res =
|
if ((res =
|
||||||
gst_pad_pull_range (wav->sinkpad, wav->offset,
|
gst_wavparse_pull_range_exact (wav, wav->offset,
|
||||||
data_size, &buf)) != GST_FLOW_OK)
|
data_size, &buf)) != GST_FLOW_OK)
|
||||||
goto header_read_error;
|
goto header_pull_error;
|
||||||
gst_buffer_map (buf, &map, GST_MAP_READ);
|
gst_buffer_map (buf, &map, GST_MAP_READ);
|
||||||
if (!gst_wavparse_cue_chunk (wav, (const guint8 *) map.data,
|
if (!gst_wavparse_cue_chunk (wav, (const guint8 *) map.data,
|
||||||
data_size)) {
|
data_size)) {
|
||||||
|
|
@ -1643,9 +1661,9 @@ gst_wavparse_stream_headers (GstWavParse * wav)
|
||||||
gst_buffer_unref (buf);
|
gst_buffer_unref (buf);
|
||||||
buf = NULL;
|
buf = NULL;
|
||||||
if ((res =
|
if ((res =
|
||||||
gst_pad_pull_range (wav->sinkpad, wav->offset,
|
gst_wavparse_pull_range_exact (wav, wav->offset,
|
||||||
data_size, &buf)) != GST_FLOW_OK)
|
data_size, &buf)) != GST_FLOW_OK)
|
||||||
goto header_read_error;
|
goto header_pull_error;
|
||||||
gst_buffer_map (buf, &map, GST_MAP_READ);
|
gst_buffer_map (buf, &map, GST_MAP_READ);
|
||||||
if (!gst_wavparse_smpl_chunk (wav, (const guint8 *) map.data,
|
if (!gst_wavparse_smpl_chunk (wav, (const guint8 *) map.data,
|
||||||
data_size)) {
|
data_size)) {
|
||||||
|
|
@ -1797,6 +1815,17 @@ header_read_error:
|
||||||
("Couldn't read in header %d (%s)", res, gst_flow_get_name (res)));
|
("Couldn't read in header %d (%s)", res, gst_flow_get_name (res)));
|
||||||
goto fail;
|
goto fail;
|
||||||
}
|
}
|
||||||
|
header_pull_error:
|
||||||
|
{
|
||||||
|
if (res == GST_FLOW_EOS) {
|
||||||
|
GST_WARNING_OBJECT (wav, "Couldn't pull header %d (%s)", res,
|
||||||
|
gst_flow_get_name (res));
|
||||||
|
} else {
|
||||||
|
GST_ELEMENT_ERROR (wav, STREAM, DEMUX, (NULL),
|
||||||
|
("Couldn't pull header %d (%s)", res, gst_flow_get_name (res)));
|
||||||
|
}
|
||||||
|
goto exit;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue