flacparse: fix buffer overflow in gst_flac_parse_frame_is_valid

Sergey Krivohatskiy 2024-05-13 11:08:15 +03:00
parent 0a2e0a4f64
commit 3daa706471


@ -652,7 +652,7 @@ static gboolean
gst_flac_parse_frame_is_valid (GstFlacParse * flacparse,
const guint8 * data, gsize size, guint * ret)
{
guint max, remaining;
guint max;
guint i, search_start, search_end;
FrameHeaderCheckReturn header_ret;
guint16 block_size;
@ -673,15 +673,11 @@ gst_flac_parse_frame_is_valid (GstFlacParse * flacparse,
/* mind unknown framesize */
search_start = MAX (2, flacparse->min_framesize);
search_end = size - search_start;
if (flacparse->max_framesize)
search_end = MIN (size, flacparse->max_framesize + 9 + 2);
else
search_end = size;
search_end -= 2;
search_end = MIN (search_end, flacparse->max_framesize + 9 + 2);
remaining = size;
for (i = search_start; i < search_end; i++, remaining--) {
for (i = search_start; i < search_end; i++) {
if ((GST_READ_UINT16_BE (data + i) & 0xfffe) != 0xfff8)
continue;
@ -690,7 +686,7 @@ gst_flac_parse_frame_is_valid (GstFlacParse * flacparse,
suspect_end = FALSE;
header_ret =
gst_flac_parse_frame_header_is_valid (flacparse, data + i,
remaining, FALSE, NULL, &suspect_end);
size - i, FALSE, NULL, &suspect_end);
if (header_ret == FRAME_HEADER_VALID) {
if (flacparse->check_frame_checksums || suspect_start || suspect_end) {
guint16 actual_crc = gst_flac_calculate_crc16 (data, i - 2);
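Review bot: `search_end = size - search_start;` in the second hunk is an unsigned subtraction, and none of the visible lines establish that `size` is at least `search_start` (which is `MAX (2, flacparse->min_framesize)`). If `size` can be smaller, the result wraps to a very large value and the loop's `GST_READ_UINT16_BE (data + i)` would read past the end of `data`, the same class of bug this commit sets out to fix. The function body starts and ends outside the hunks, so an earlier size check may already rule this out, but a local guard keeps the bound self-evident: `search_end = (size > search_start) ? size - search_start : 0;`. A short comment on the `size - i` argument in the third hunk, e.g. `/* bytes left in data from the candidate header at offset i */`, would also record why the separate `remaining` counter was dropped.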