mirror of
https://gitlab.freedesktop.org/gstreamer/gstreamer.git
synced 2024-12-24 01:00:37 +00:00
qtdemux: add len check for sound sample descriptions v1 and v2
https://bugzilla.gnome.org/show_bug.cgi?id=663458
This commit is contained in:
parent
629772f735
commit
6d3ff78575
1 changed files with 9 additions and 0 deletions
|
@ -7048,6 +7048,7 @@ qtdemux_parse_trak (GstQTDemux * qtdemux, GNode * trak)
|
||||||
gboolean amrwb = FALSE;
|
gboolean amrwb = FALSE;
|
||||||
|
|
||||||
offset = 32;
|
offset = 32;
|
||||||
|
/* sample description entry (16) + sound sample description v0 (20) */
|
||||||
if (len < 36)
|
if (len < 36)
|
||||||
goto corrupt_file;
|
goto corrupt_file;
|
||||||
|
|
||||||
|
@ -7131,6 +7132,10 @@ qtdemux_parse_trak (GstQTDemux * qtdemux, GNode * trak)
|
||||||
}
|
}
|
||||||
|
|
||||||
if (version == 0x00010000) {
|
if (version == 0x00010000) {
|
||||||
|
/* sample description entry (16) + sound sample description v1 (20+16) */
|
||||||
|
if (len < 52)
|
||||||
|
goto corrupt_file;
|
||||||
|
|
||||||
switch (fourcc) {
|
switch (fourcc) {
|
||||||
case FOURCC_twos:
|
case FOURCC_twos:
|
||||||
case FOURCC_sowt:
|
case FOURCC_sowt:
|
||||||
|
@ -7169,6 +7174,10 @@ qtdemux_parse_trak (GstQTDemux * qtdemux, GNode * trak)
|
||||||
guint64 val;
|
guint64 val;
|
||||||
} qtfp;
|
} qtfp;
|
||||||
|
|
||||||
|
/* sample description entry (16) + sound sample description v2 (56) */
|
||||||
|
if (len < 72)
|
||||||
|
goto corrupt_file;
|
||||||
|
|
||||||
stream->samples_per_packet = QT_UINT32 (stsd_data + offset);
|
stream->samples_per_packet = QT_UINT32 (stsd_data + offset);
|
||||||
qtfp.val = QT_UINT64 (stsd_data + offset + 4);
|
qtfp.val = QT_UINT64 (stsd_data + offset + 4);
|
||||||
stream->rate = qtfp.fp;
|
stream->rate = qtfp.fp;
|
||||||
|
|
Loading…
Reference in a new issue