mirror of
https://gitlab.freedesktop.org/gstreamer/gstreamer.git
synced 2024-12-24 01:00:37 +00:00
wavparse: Check for short reads when parsing headers in pull mode
And also return the actual flow return to the caller instead of always returning GST_FLOW_ERROR. Thanks to Antonio Morales for finding and reporting the issue. Fixes GHSL-2024-258, GHSL-2024-260 Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3886 Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3888 Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8042>
This commit is contained in:
parent
1d1c9d63be
commit
13b48016b3
1 changed files with 46 additions and 17 deletions
|
@ -1097,6 +1097,24 @@ parse_ds64 (GstWavParse * wav, GstBuffer * buf)
|
|||
return TRUE;
|
||||
}
|
||||
|
||||
static GstFlowReturn
|
||||
gst_wavparse_pull_range_exact (GstWavParse * wav, guint64 offset, guint size,
|
||||
GstBuffer ** buffer)
|
||||
{
|
||||
GstFlowReturn res;
|
||||
|
||||
res = gst_pad_pull_range (wav->sinkpad, offset, size, buffer);
|
||||
if (res != GST_FLOW_OK)
|
||||
return res;
|
||||
|
||||
if (gst_buffer_get_size (*buffer) < size) {
|
||||
gst_clear_buffer (buffer);
|
||||
return GST_FLOW_EOS;
|
||||
}
|
||||
|
||||
return res;
|
||||
}
|
||||
|
||||
static GstFlowReturn
|
||||
gst_wavparse_stream_headers (GstWavParse * wav)
|
||||
{
|
||||
|
@ -1292,9 +1310,9 @@ gst_wavparse_stream_headers (GstWavParse * wav)
|
|||
|
||||
buf = NULL;
|
||||
if ((res =
|
||||
gst_pad_pull_range (wav->sinkpad, wav->offset, 8,
|
||||
gst_wavparse_pull_range_exact (wav, wav->offset, 8,
|
||||
&buf)) != GST_FLOW_OK)
|
||||
goto header_read_error;
|
||||
goto header_pull_error;
|
||||
gst_buffer_map (buf, &map, GST_MAP_READ);
|
||||
tag = GST_READ_UINT32_LE (map.data);
|
||||
size = GST_READ_UINT32_LE (map.data + 4);
|
||||
|
@ -1397,9 +1415,9 @@ gst_wavparse_stream_headers (GstWavParse * wav)
|
|||
gst_buffer_unref (buf);
|
||||
buf = NULL;
|
||||
if ((res =
|
||||
gst_pad_pull_range (wav->sinkpad, wav->offset + 8,
|
||||
gst_wavparse_pull_range_exact (wav, wav->offset + 8,
|
||||
data_size, &buf)) != GST_FLOW_OK)
|
||||
goto header_read_error;
|
||||
goto header_pull_error;
|
||||
gst_buffer_extract (buf, 0, &wav->fact, 4);
|
||||
wav->fact = GUINT32_FROM_LE (wav->fact);
|
||||
gst_buffer_unref (buf);
|
||||
|
@ -1444,9 +1462,9 @@ gst_wavparse_stream_headers (GstWavParse * wav)
|
|||
gst_buffer_unref (buf);
|
||||
buf = NULL;
|
||||
if ((res =
|
||||
gst_pad_pull_range (wav->sinkpad, wav->offset + 8,
|
||||
size, &buf)) != GST_FLOW_OK)
|
||||
goto header_read_error;
|
||||
gst_wavparse_pull_range_exact (wav, wav->offset + 8, size,
|
||||
&buf)) != GST_FLOW_OK)
|
||||
goto header_pull_error;
|
||||
gst_buffer_map (buf, &map, GST_MAP_READ);
|
||||
acid = (const gst_riff_acid *) map.data;
|
||||
tempo = acid->tempo;
|
||||
|
@ -1484,9 +1502,9 @@ gst_wavparse_stream_headers (GstWavParse * wav)
|
|||
gst_buffer_unref (buf);
|
||||
buf = NULL;
|
||||
if ((res =
|
||||
gst_pad_pull_range (wav->sinkpad, wav->offset, 12,
|
||||
gst_wavparse_pull_range_exact (wav, wav->offset, 12,
|
||||
&buf)) != GST_FLOW_OK)
|
||||
goto header_read_error;
|
||||
goto header_pull_error;
|
||||
gst_buffer_extract (buf, 8, <ag, 4);
|
||||
ltag = GUINT32_FROM_LE (ltag);
|
||||
}
|
||||
|
@ -1513,9 +1531,9 @@ gst_wavparse_stream_headers (GstWavParse * wav)
|
|||
buf = NULL;
|
||||
if (data_size > 0) {
|
||||
if ((res =
|
||||
gst_pad_pull_range (wav->sinkpad, wav->offset,
|
||||
gst_wavparse_pull_range_exact (wav, wav->offset,
|
||||
data_size, &buf)) != GST_FLOW_OK)
|
||||
goto header_read_error;
|
||||
goto header_pull_error;
|
||||
}
|
||||
}
|
||||
if (data_size > 0) {
|
||||
|
@ -1553,9 +1571,9 @@ gst_wavparse_stream_headers (GstWavParse * wav)
|
|||
buf = NULL;
|
||||
wav->offset += 12;
|
||||
if ((res =
|
||||
gst_pad_pull_range (wav->sinkpad, wav->offset,
|
||||
gst_wavparse_pull_range_exact (wav, wav->offset,
|
||||
data_size, &buf)) != GST_FLOW_OK)
|
||||
goto header_read_error;
|
||||
goto header_pull_error;
|
||||
gst_buffer_map (buf, &map, GST_MAP_READ);
|
||||
gst_wavparse_adtl_chunk (wav, (const guint8 *) map.data,
|
||||
data_size);
|
||||
|
@ -1599,9 +1617,9 @@ gst_wavparse_stream_headers (GstWavParse * wav)
|
|||
gst_buffer_unref (buf);
|
||||
buf = NULL;
|
||||
if ((res =
|
||||
gst_pad_pull_range (wav->sinkpad, wav->offset,
|
||||
gst_wavparse_pull_range_exact (wav, wav->offset,
|
||||
data_size, &buf)) != GST_FLOW_OK)
|
||||
goto header_read_error;
|
||||
goto header_pull_error;
|
||||
gst_buffer_map (buf, &map, GST_MAP_READ);
|
||||
if (!gst_wavparse_cue_chunk (wav, (const guint8 *) map.data,
|
||||
data_size)) {
|
||||
|
@ -1643,9 +1661,9 @@ gst_wavparse_stream_headers (GstWavParse * wav)
|
|||
gst_buffer_unref (buf);
|
||||
buf = NULL;
|
||||
if ((res =
|
||||
gst_pad_pull_range (wav->sinkpad, wav->offset,
|
||||
gst_wavparse_pull_range_exact (wav, wav->offset,
|
||||
data_size, &buf)) != GST_FLOW_OK)
|
||||
goto header_read_error;
|
||||
goto header_pull_error;
|
||||
gst_buffer_map (buf, &map, GST_MAP_READ);
|
||||
if (!gst_wavparse_smpl_chunk (wav, (const guint8 *) map.data,
|
||||
data_size)) {
|
||||
|
@ -1797,6 +1815,17 @@ header_read_error:
|
|||
("Couldn't read in header %d (%s)", res, gst_flow_get_name (res)));
|
||||
goto fail;
|
||||
}
|
||||
header_pull_error:
|
||||
{
|
||||
if (res == GST_FLOW_EOS) {
|
||||
GST_WARNING_OBJECT (wav, "Couldn't pull header %d (%s)", res,
|
||||
gst_flow_get_name (res));
|
||||
} else {
|
||||
GST_ELEMENT_ERROR (wav, STREAM, DEMUX, (NULL),
|
||||
("Couldn't pull header %d (%s)", res, gst_flow_get_name (res)));
|
||||
}
|
||||
goto exit;
|
||||
}
|
||||
}
|
||||
|
||||
/*
|
||||
|
|
Loading…
Reference in a new issue