mirrors/gstreamer
mirrors/gstreamer
1
1
Fork 0
mirror of https://gitlab.freedesktop.org/gstreamer/gstreamer.git synced 2024-11-10 03:19:40 +00:00
Code Issues 1 Projects Releases Wiki Activity

gst/avi/gstavidemux.c: Fix some crashers with empty chunks. (Fixes #337749)

Browse source 
Original commit message from CVS:
Patch by: Ryan Lortie (desrt) <desrt at destr dot ca>
* gst/avi/gstavidemux.c: (gst_avi_demux_parse_superindex),
(gst_avi_demux_parse_stream), (gst_avi_demux_parse_index),
(gst_avi_demux_stream_header):
Fix some crashers with empty chunks. (Fixes #337749)
This commit is contained in:
Ryan Lortie (desrt) 2006-04-10 10:10:55 +00:00 committed by Wim Taymans
parent 31a227b2aa
commit 4bdbbeb426
2 changed files with 38 additions and 22 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
ChangeLog
View file

@ -1,3 +1,12 @@
2006-04-10 Wim Taymans <wim@fluendo.com>
Patch by: Ryan Lortie (desrt) <desrt at destr dot ca>
* gst/avi/gstavidemux.c: (gst_avi_demux_parse_superindex),
(gst_avi_demux_parse_stream), (gst_avi_demux_parse_index),
(gst_avi_demux_stream_header):
Fix some crashers with empty chunks. (Fixes #337749)
2006-04-09 Sebastien Moutte <sebastien@moutte.net> 2006-04-09 Sebastien Moutte <sebastien@moutte.net>
* gst/level/gstlevel.c: (gst_level_set_caps),(gst_level_transform_ip): * gst/level/gstlevel.c: (gst_level_set_caps),(gst_level_transform_ip):

51
gst/avi/gstavidemux.c
View file

@ -724,7 +724,7 @@ static gboolean
gst_avi_demux_parse_superindex (GstElement * element, gst_avi_demux_parse_superindex (GstElement * element,
GstBuffer * buf, guint64 ** _indexes) GstBuffer * buf, guint64 ** _indexes)
{ {
guint8 *data = GST_BUFFER_DATA (buf); guint8 *data;
gint bpe = 16, num, i; gint bpe = 16, num, i;
guint64 *indexes; guint64 *indexes;
@ -733,9 +733,11 @@ gst_avi_demux_parse_superindex (GstElement * element,
if (buf == NULL) if (buf == NULL)
goto no_buffer; goto no_buffer;
if (!buf || GST_BUFFER_SIZE (buf) < 24) if (GST_BUFFER_SIZE (buf) < 24)
goto too_small; goto too_small;
data = GST_BUFFER_DATA (buf);
/* check type of index. The opendml2 specs state that /* check type of index. The opendml2 specs state that
* there should be 4 dwords per array entry. Type can be * there should be 4 dwords per array entry. Type can be
* either frame or field (and we don't care). */ * either frame or field (and we don't care). */
@ -1031,6 +1033,7 @@ gst_avi_demux_parse_stream (GstElement * element, GstBuffer * buf)
/* read strd/strn */ /* read strd/strn */
while (gst_riff_parse_chunk (element, buf, &offset, &tag, &sub)) { while (gst_riff_parse_chunk (element, buf, &offset, &tag, &sub)) {
/* sub can be NULL if the chunk is empty */
switch (tag) { switch (tag) {
case GST_RIFF_TAG_strd: case GST_RIFF_TAG_strd:
if (stream->initdata) if (stream->initdata)
@ -1039,11 +1042,15 @@ gst_avi_demux_parse_stream (GstElement * element, GstBuffer * buf)
break; break;
case GST_RIFF_TAG_strn: case GST_RIFF_TAG_strn:
g_free (stream->name); g_free (stream->name);
stream->name = g_new (gchar, GST_BUFFER_SIZE (sub) + 1); if (sub != NULL) {
memcpy (stream->name, GST_BUFFER_DATA (sub), GST_BUFFER_SIZE (sub)); stream->name = g_new (gchar, GST_BUFFER_SIZE (sub) + 1);
stream->name[GST_BUFFER_SIZE (sub)] = '\0'; memcpy (stream->name, GST_BUFFER_DATA (sub), GST_BUFFER_SIZE (sub));
gst_buffer_unref (sub); stream->name[GST_BUFFER_SIZE (sub)] = '\0';
sub = NULL; gst_buffer_unref (sub);
sub = NULL;
} else {
stream->name = g_strdup ("");
}
break; break;
default: default:
if (tag == GST_MAKE_FOURCC ('i', 'n', 'd', 'x') || if (tag == GST_MAKE_FOURCC ('i', 'n', 'd', 'x') ||
@ -1058,8 +1065,10 @@ gst_avi_demux_parse_stream (GstElement * element, GstBuffer * buf)
GST_FOURCC_ARGS (tag)); GST_FOURCC_ARGS (tag));
/* fall-through */ /* fall-through */
case GST_RIFF_TAG_JUNK: case GST_RIFF_TAG_JUNK:
gst_buffer_unref (sub); if (sub != NULL) {
sub = NULL; gst_buffer_unref (sub);
sub = NULL;
}
break; break;
} }
} }
@ -2075,13 +2084,15 @@ gst_avi_demux_stream_header (GstAviDemux * avi)
/* now, read the elements from the header until the end */ /* now, read the elements from the header until the end */
while (gst_riff_parse_chunk (GST_ELEMENT (avi), buf, &offset, &tag, &sub)) { while (gst_riff_parse_chunk (GST_ELEMENT (avi), buf, &offset, &tag, &sub)) {
/* sub can be NULL on empty tags */
if (!sub)
continue;
switch (tag) { switch (tag) {
case GST_RIFF_TAG_LIST: case GST_RIFF_TAG_LIST:
if (!sub || GST_BUFFER_SIZE (sub) < 4) { if (GST_BUFFER_SIZE (sub) < 4) {
if (sub) { gst_buffer_unref (sub);
gst_buffer_unref (sub); sub = NULL;
sub = NULL;
}
break; break;
} }
@ -2100,10 +2111,8 @@ gst_avi_demux_stream_header (GstAviDemux * avi)
GST_FOURCC_ARGS (GST_READ_UINT32_LE (GST_BUFFER_DATA (sub)))); GST_FOURCC_ARGS (GST_READ_UINT32_LE (GST_BUFFER_DATA (sub))));
/* fall-through */ /* fall-through */
case GST_RIFF_TAG_JUNK: case GST_RIFF_TAG_JUNK:
if (sub) { gst_buffer_unref (sub);
gst_buffer_unref (sub); sub = NULL;
sub = NULL;
}
break; break;
} }
break; break;
@ -2113,10 +2122,8 @@ gst_avi_demux_stream_header (GstAviDemux * avi)
offset, GST_FOURCC_ARGS (tag)); offset, GST_FOURCC_ARGS (tag));
/* fall-through */ /* fall-through */
case GST_RIFF_TAG_JUNK: case GST_RIFF_TAG_JUNK:
if (sub) { gst_buffer_unref (sub);
gst_buffer_unref (sub); sub = NULL;
sub = NULL;
}
break; break;
} }
} }