mirror of
https://gitlab.freedesktop.org/gstreamer/gstreamer.git
synced 2025-01-17 04:45:47 +00:00
flacparse: fix buffer overflow in gst_flac_parse_frame_is_valid
Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/6835>
This commit is contained in:
parent
7b547e044c
commit
1c5e1798b6
1 changed files with 11 additions and 10 deletions
|
@ -652,13 +652,15 @@ static gboolean
|
|||
gst_flac_parse_frame_is_valid (GstFlacParse * flacparse,
|
||||
const guint8 * data, gsize size, guint * ret)
|
||||
{
|
||||
guint max, remaining;
|
||||
guint max;
|
||||
guint i, search_start, search_end;
|
||||
FrameHeaderCheckReturn header_ret;
|
||||
guint16 block_size;
|
||||
gboolean suspect_start = FALSE, suspect_end = FALSE;
|
||||
|
||||
if (size < flacparse->min_framesize)
|
||||
/* minimum frame header size is 5 bytes and we read that much
|
||||
* without checking the size below */
|
||||
if (size < MAX (flacparse->min_framesize, 5))
|
||||
goto need_more;
|
||||
|
||||
header_ret =
|
||||
|
@ -673,15 +675,14 @@ gst_flac_parse_frame_is_valid (GstFlacParse * flacparse,
|
|||
|
||||
/* mind unknown framesize */
|
||||
search_start = MAX (2, flacparse->min_framesize);
|
||||
|
||||
/* at minimum 5 bytes are read below so stop 5 bytes before the end.
|
||||
* we also checked above that at least 5 bytes are available. */
|
||||
search_end = size - 5;
|
||||
if (flacparse->max_framesize)
|
||||
search_end = MIN (size, flacparse->max_framesize + 9 + 2);
|
||||
else
|
||||
search_end = size;
|
||||
search_end -= 2;
|
||||
search_end = MIN (search_end, flacparse->max_framesize + 9 + 2);
|
||||
|
||||
remaining = size;
|
||||
|
||||
for (i = search_start; i < search_end; i++, remaining--) {
|
||||
for (i = search_start; i < search_end; i++) {
|
||||
|
||||
if ((GST_READ_UINT16_BE (data + i) & 0xfffe) != 0xfff8)
|
||||
continue;
|
||||
|
@ -690,7 +691,7 @@ gst_flac_parse_frame_is_valid (GstFlacParse * flacparse,
|
|||
suspect_end = FALSE;
|
||||
header_ret =
|
||||
gst_flac_parse_frame_header_is_valid (flacparse, data + i,
|
||||
remaining, FALSE, NULL, &suspect_end);
|
||||
size - i, FALSE, NULL, &suspect_end);
|
||||
if (header_ret == FRAME_HEADER_VALID) {
|
||||
if (flacparse->check_frame_checksums || suspect_start || suspect_end) {
|
||||
guint16 actual_crc = gst_flac_calculate_crc16 (data, i - 2);
|
||||
|
|
Loading…
Reference in a new issue