mirror of
https://gitlab.freedesktop.org/gstreamer/gstreamer.git
synced 2024-06-06 16:19:29 +00:00
flacparse: fix buffer overflow in gst_flac_parse_frame_is_valid
This commit is contained in:
parent
0a2e0a4f64
commit
3daa706471
|
@ -652,7 +652,7 @@ static gboolean
|
|||
gst_flac_parse_frame_is_valid (GstFlacParse * flacparse,
|
||||
const guint8 * data, gsize size, guint * ret)
|
||||
{
|
||||
guint max, remaining;
|
||||
guint max;
|
||||
guint i, search_start, search_end;
|
||||
FrameHeaderCheckReturn header_ret;
|
||||
guint16 block_size;
|
||||
|
@ -673,15 +673,11 @@ gst_flac_parse_frame_is_valid (GstFlacParse * flacparse,
|
|||
|
||||
/* mind unknown framesize */
|
||||
search_start = MAX (2, flacparse->min_framesize);
|
||||
search_end = size - search_start;
|
||||
if (flacparse->max_framesize)
|
||||
search_end = MIN (size, flacparse->max_framesize + 9 + 2);
|
||||
else
|
||||
search_end = size;
|
||||
search_end -= 2;
|
||||
search_end = MIN (search_end, flacparse->max_framesize + 9 + 2);
|
||||
|
||||
remaining = size;
|
||||
|
||||
for (i = search_start; i < search_end; i++, remaining--) {
|
||||
for (i = search_start; i < search_end; i++) {
|
||||
|
||||
if ((GST_READ_UINT16_BE (data + i) & 0xfffe) != 0xfff8)
|
||||
continue;
|
||||
|
@ -690,7 +686,7 @@ gst_flac_parse_frame_is_valid (GstFlacParse * flacparse,
|
|||
suspect_end = FALSE;
|
||||
header_ret =
|
||||
gst_flac_parse_frame_header_is_valid (flacparse, data + i,
|
||||
remaining, FALSE, NULL, &suspect_end);
|
||||
size - i, FALSE, NULL, &suspect_end);
|
||||
if (header_ret == FRAME_HEADER_VALID) {
|
||||
if (flacparse->check_frame_checksums || suspect_start || suspect_end) {
|
||||
guint16 actual_crc = gst_flac_calculate_crc16 (data, i - 2);
|
||||
|
|
Loading…
Reference in a new issue