mirrors/gstreamer
mirrors/gstreamer
1
1
Fork 0
mirror of https://gitlab.freedesktop.org/gstreamer/gstreamer.git synced 2024-12-19 23:06:49 +00:00
Code Issues 1 Projects Releases Wiki Activity

wavparse: Check for short reads when parsing headers in pull mode

Browse source 
And also return the actual flow return to the caller instead of always returning
GST_FLOW_ERROR.

Thanks to Antonio Morales for finding and reporting the issue.

Fixes GHSL-2024-258, GHSL-2024-260
Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3886
Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3888

Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8042>
This commit is contained in:
Sebastian Dröge 2024-10-04 13:00:57 +03:00 committed by GStreamer Marge Bot
parent 1d1c9d63be
commit 13b48016b3
1 changed files with 46 additions and 17 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

63
subprojects/gst-plugins-good/gst/wavparse/gstwavparse.c
View file

@ -1097,6 +1097,24 @@ parse_ds64 (GstWavParse * wav, GstBuffer * buf)
return TRUE;
}
static GstFlowReturn
gst_wavparse_pull_range_exact (GstWavParse * wav, guint64 offset, guint size,
GstBuffer ** buffer)
{
GstFlowReturn res;
res = gst_pad_pull_range (wav->sinkpad, offset, size, buffer);
if (res != GST_FLOW_OK)
return res;
if (gst_buffer_get_size (*buffer) < size) {
gst_clear_buffer (buffer);
return GST_FLOW_EOS;
}
return res;
}
static GstFlowReturn
gst_wavparse_stream_headers (GstWavParse * wav)
{
@ -1292,9 +1310,9 @@ gst_wavparse_stream_headers (GstWavParse * wav)
buf = NULL;
if ((res =
gst_pad_pull_range (wav->sinkpad, wav->offset, 8,
gst_wavparse_pull_range_exact (wav, wav->offset, 8,
&buf)) != GST_FLOW_OK)
goto header_read_error;
goto header_pull_error;
gst_buffer_map (buf, &map, GST_MAP_READ);
tag = GST_READ_UINT32_LE (map.data);
size = GST_READ_UINT32_LE (map.data + 4);
@ -1397,9 +1415,9 @@ gst_wavparse_stream_headers (GstWavParse * wav)
gst_buffer_unref (buf);
buf = NULL;
if ((res =
gst_pad_pull_range (wav->sinkpad, wav->offset + 8,
gst_wavparse_pull_range_exact (wav, wav->offset + 8,
data_size, &buf)) != GST_FLOW_OK)
goto header_read_error;
goto header_pull_error;
gst_buffer_extract (buf, 0, &wav->fact, 4);
wav->fact = GUINT32_FROM_LE (wav->fact);
gst_buffer_unref (buf);
@ -1444,9 +1462,9 @@ gst_wavparse_stream_headers (GstWavParse * wav)
gst_buffer_unref (buf);
buf = NULL;
if ((res =
gst_pad_pull_range (wav->sinkpad, wav->offset + 8,
size, &buf)) != GST_FLOW_OK)
goto header_read_error;
gst_wavparse_pull_range_exact (wav, wav->offset + 8, size,
&buf)) != GST_FLOW_OK)
goto header_pull_error;
gst_buffer_map (buf, &map, GST_MAP_READ);
acid = (const gst_riff_acid *) map.data;
tempo = acid->tempo;
@ -1484,9 +1502,9 @@ gst_wavparse_stream_headers (GstWavParse * wav)
gst_buffer_unref (buf);
buf = NULL;
if ((res =
gst_pad_pull_range (wav->sinkpad, wav->offset, 12,
gst_wavparse_pull_range_exact (wav, wav->offset, 12,
&buf)) != GST_FLOW_OK)
goto header_read_error;
goto header_pull_error;
gst_buffer_extract (buf, 8, &ltag, 4);
ltag = GUINT32_FROM_LE (ltag);
}
@ -1513,9 +1531,9 @@ gst_wavparse_stream_headers (GstWavParse * wav)
buf = NULL;
if (data_size > 0) {
if ((res =
gst_pad_pull_range (wav->sinkpad, wav->offset,
gst_wavparse_pull_range_exact (wav, wav->offset,
data_size, &buf)) != GST_FLOW_OK)
goto header_read_error;
goto header_pull_error;
}
}
if (data_size > 0) {
@ -1553,9 +1571,9 @@ gst_wavparse_stream_headers (GstWavParse * wav)
buf = NULL;
wav->offset += 12;
if ((res =
gst_pad_pull_range (wav->sinkpad, wav->offset,
gst_wavparse_pull_range_exact (wav, wav->offset,
data_size, &buf)) != GST_FLOW_OK)
goto header_read_error;
goto header_pull_error;
gst_buffer_map (buf, &map, GST_MAP_READ);
gst_wavparse_adtl_chunk (wav, (const guint8 *) map.data,
data_size);
@ -1599,9 +1617,9 @@ gst_wavparse_stream_headers (GstWavParse * wav)
gst_buffer_unref (buf);
buf = NULL;
if ((res =
gst_pad_pull_range (wav->sinkpad, wav->offset,
gst_wavparse_pull_range_exact (wav, wav->offset,
data_size, &buf)) != GST_FLOW_OK)
goto header_read_error;
goto header_pull_error;
gst_buffer_map (buf, &map, GST_MAP_READ);
if (!gst_wavparse_cue_chunk (wav, (const guint8 *) map.data,
data_size)) {
@ -1643,9 +1661,9 @@ gst_wavparse_stream_headers (GstWavParse * wav)
gst_buffer_unref (buf);
buf = NULL;
if ((res =
gst_pad_pull_range (wav->sinkpad, wav->offset,
gst_wavparse_pull_range_exact (wav, wav->offset,
data_size, &buf)) != GST_FLOW_OK)
goto header_read_error;
goto header_pull_error;
gst_buffer_map (buf, &map, GST_MAP_READ);
if (!gst_wavparse_smpl_chunk (wav, (const guint8 *) map.data,
data_size)) {
@ -1797,6 +1815,17 @@ header_read_error:
("Couldn't read in header %d (%s)", res, gst_flow_get_name (res)));
goto fail;
}
header_pull_error:
{
if (res == GST_FLOW_EOS) {
GST_WARNING_OBJECT (wav, "Couldn't pull header %d (%s)", res,
gst_flow_get_name (res));
} else {
GST_ELEMENT_ERROR (wav, STREAM, DEMUX, (NULL),
("Couldn't pull header %d (%s)", res, gst_flow_get_name (res)));
}
goto exit;
}
}
/*