diff --git a/ChangeLog b/ChangeLog index 74f157ae5b..c1dc84b498 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,11 @@ +2005-10-09 Tim-Philipp Müller + + * gst/base/gsttypefindhelper.c: (helper_find_peek): + Fix evil typefind crasher: getrange() might return a short + buffer at the end of a file, but gst_type_find_peek() must + either return the full data as requested or NULL, but + never a short buffer. + 2005-10-09 Thomas Vander Stichele * gst/gstmessage.c: (gst_message_new_state_changed), diff --git a/gst/base/gsttypefindhelper.c b/gst/base/gsttypefindhelper.c index 67244e7a2f..947ec44a5f 100644 --- a/gst/base/gsttypefindhelper.c +++ b/gst/base/gsttypefindhelper.c @@ -75,8 +75,18 @@ helper_find_peek (gpointer data, gint64 offset, guint size) if (ret != GST_FLOW_OK) goto error; - find->buffers = g_list_prepend (find->buffers, buffer); + /* getrange might silently return shortened buffers at the end of a file, + * we must, however, always return either the full requested data or NULL */ + if (GST_BUFFER_OFFSET (buffer) != offset || GST_BUFFER_SIZE (buffer) < size) { + GST_DEBUG ("droping short buffer: %" G_GUINT64_FORMAT "-%" G_GUINT64_FORMAT + " instead of %" G_GUINT64_FORMAT "-%" G_GUINT64_FORMAT, + GST_BUFFER_OFFSET (buffer), GST_BUFFER_OFFSET (buffer) + + GST_BUFFER_SIZE (buffer), offset, offset + size); + gst_buffer_unref (buffer); + return NULL; + } + find->buffers = g_list_prepend (find->buffers, buffer); return GST_BUFFER_DATA (buffer); error: diff --git a/libs/gst/base/gsttypefindhelper.c b/libs/gst/base/gsttypefindhelper.c index 67244e7a2f..947ec44a5f 100644 --- a/libs/gst/base/gsttypefindhelper.c +++ b/libs/gst/base/gsttypefindhelper.c @@ -75,8 +75,18 @@ helper_find_peek (gpointer data, gint64 offset, guint size) if (ret != GST_FLOW_OK) goto error; - find->buffers = g_list_prepend (find->buffers, buffer); + /* getrange might silently return shortened buffers at the end of a file, + * we must, however, always return either the full requested data or NULL */ + if (GST_BUFFER_OFFSET (buffer) != offset || GST_BUFFER_SIZE (buffer) < size) { + GST_DEBUG ("droping short buffer: %" G_GUINT64_FORMAT "-%" G_GUINT64_FORMAT + " instead of %" G_GUINT64_FORMAT "-%" G_GUINT64_FORMAT, + GST_BUFFER_OFFSET (buffer), GST_BUFFER_OFFSET (buffer) + + GST_BUFFER_SIZE (buffer), offset, offset + size); + gst_buffer_unref (buffer); + return NULL; + } + find->buffers = g_list_prepend (find->buffers, buffer); return GST_BUFFER_DATA (buffer); error: