mirror of
https://gitlab.freedesktop.org/gstreamer/gstreamer.git
synced 2024-12-25 01:30:38 +00:00
avidemux: Fix various out of bounds reads when parsing ncdt tags
https://bugzilla.gnome.org/show_bug.cgi?id=777500
This commit is contained in:
parent
1ffef8bf60
commit
32d9f3c158
1 changed files with 8 additions and 4 deletions
|
@ -3912,6 +3912,7 @@ gst_avi_demux_parse_ncdt (GstAviDemux * avi, GstBuffer * buf,
|
||||||
|
|
||||||
tsize -= 4;
|
tsize -= 4;
|
||||||
ptr += 4;
|
ptr += 4;
|
||||||
|
left -= 4;
|
||||||
|
|
||||||
GST_DEBUG_OBJECT (avi, "sub-tag %u, size %u", sub_tag, sub_size);
|
GST_DEBUG_OBJECT (avi, "sub-tag %u, size %u", sub_tag, sub_size);
|
||||||
/* http://www.sno.phy.queensu.ca/~phil/exiftool/TagNames/Nikon.html#NCTG
|
/* http://www.sno.phy.queensu.ca/~phil/exiftool/TagNames/Nikon.html#NCTG
|
||||||
|
@ -3930,10 +3931,12 @@ gst_avi_demux_parse_ncdt (GstAviDemux * avi, GstBuffer * buf,
|
||||||
break;
|
break;
|
||||||
case 0x13: /* CreationDate */
|
case 0x13: /* CreationDate */
|
||||||
type = GST_TAG_DATE_TIME;
|
type = GST_TAG_DATE_TIME;
|
||||||
if (ptr[4] == ':')
|
if (left > 7) {
|
||||||
ptr[4] = '-';
|
if (ptr[4] == ':')
|
||||||
if (ptr[7] == ':')
|
ptr[4] = '-';
|
||||||
ptr[7] = '-';
|
if (ptr[7] == ':')
|
||||||
|
ptr[7] = '-';
|
||||||
|
}
|
||||||
break;
|
break;
|
||||||
default:
|
default:
|
||||||
type = NULL;
|
type = NULL;
|
||||||
|
@ -3947,6 +3950,7 @@ gst_avi_demux_parse_ncdt (GstAviDemux * avi, GstBuffer * buf,
|
||||||
|
|
||||||
ptr += sub_size;
|
ptr += sub_size;
|
||||||
tsize -= sub_size;
|
tsize -= sub_size;
|
||||||
|
left -= sub_size;
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
default:
|
default:
|
||||||
|
|
Loading…
Reference in a new issue