mirror of
https://gitlab.freedesktop.org/gstreamer/gstreamer.git
synced 2024-09-08 21:28:45 +00:00
qtdemux: Be sure not to read off end of FLAC dfLa box
https://bugzilla.gnome.org/show_bug.cgi?id=773712
This commit is contained in:
parent
0ef3a71b89
commit
45843ab9a2
1 changed files with 24 additions and 5 deletions
|
@ -10936,7 +10936,9 @@ qtdemux_parse_trak (GstQTDemux * qtdemux, GNode * trak)
|
||||||
GstBuffer *block = gst_buffer_new_wrapped (stream_marker,
|
GstBuffer *block = gst_buffer_new_wrapped (stream_marker,
|
||||||
strlen (stream_marker));
|
strlen (stream_marker));
|
||||||
|
|
||||||
guint index = 0;
|
guint32 index = 0;
|
||||||
|
guint32 remainder = 0;
|
||||||
|
guint32 block_size = 0;
|
||||||
gboolean is_last = FALSE;
|
gboolean is_last = FALSE;
|
||||||
|
|
||||||
GValue array = G_VALUE_INIT;
|
GValue array = G_VALUE_INIT;
|
||||||
|
@ -10951,13 +10953,22 @@ qtdemux_parse_trak (GstQTDemux * qtdemux, GNode * trak)
|
||||||
|
|
||||||
gst_buffer_unref (block);
|
gst_buffer_unref (block);
|
||||||
|
|
||||||
while (is_last == FALSE && index < metadata_blocks_len) {
|
/* check there's at least one METADATA_BLOCK_HEADER's worth
|
||||||
|
* of data, and we haven't already finished parsing */
|
||||||
|
while (!is_last && ((index + 3) < metadata_blocks_len)) {
|
||||||
|
remainder = metadata_blocks_len - index;
|
||||||
|
|
||||||
/* add the METADATA_BLOCK_HEADER size to the signalled size */
|
/* add the METADATA_BLOCK_HEADER size to the signalled size */
|
||||||
const guint block_size = 4 +
|
block_size = 4 +
|
||||||
(metadata_blocks[index + 1] << 16) +
|
(metadata_blocks[index + 1] << 16) +
|
||||||
(metadata_blocks[index + 2] << 8) +
|
(metadata_blocks[index + 2] << 8) +
|
||||||
metadata_blocks[index + 3];
|
metadata_blocks[index + 3];
|
||||||
|
|
||||||
|
/* be careful not to read off end of box */
|
||||||
|
if (block_size > remainder) {
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
|
||||||
is_last = metadata_blocks[index] >> 7;
|
is_last = metadata_blocks[index] >> 7;
|
||||||
|
|
||||||
block = gst_buffer_new_and_alloc (block_size);
|
block = gst_buffer_new_and_alloc (block_size);
|
||||||
|
@ -10974,8 +10985,16 @@ qtdemux_parse_trak (GstQTDemux * qtdemux, GNode * trak)
|
||||||
index += block_size;
|
index += block_size;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/* only append the metadata if we successfully read all of it */
|
||||||
|
if (is_last) {
|
||||||
gst_structure_set_value (gst_caps_get_structure (stream->caps,
|
gst_structure_set_value (gst_caps_get_structure (stream->caps,
|
||||||
0), "streamheader", &array);
|
0), "streamheader", &array);
|
||||||
|
} else {
|
||||||
|
GST_WARNING_OBJECT (qtdemux,
|
||||||
|
"discarding all METADATA_BLOCKs due to invalid "
|
||||||
|
"block_size %d at idx %d, rem %d", block_size, index,
|
||||||
|
remainder);
|
||||||
|
}
|
||||||
|
|
||||||
g_value_unset (&value);
|
g_value_unset (&value);
|
||||||
g_value_unset (&array);
|
g_value_unset (&array);
|
||||||
|
|
Loading…
Reference in a new issue