gst-libs/gst/riff/riff-media.c: Make sure we don't read beyond the palette buffer in case of

Original commit message from CVS:
* gst-libs/gst/riff/riff-media.c: (gst_riff_create_video_caps):
Make sure we don't read beyond the palette buffer in case of
broken or manipulated files (#333488, patch by: Fabrizio
Gennari)
This commit is contained in:
Fabrizio 2006-03-10 11:09:23 +00:00 committed by Tim-Philipp Müller
parent 72122e4a86
commit 8d9e3abb5b
2 changed files with 22 additions and 11 deletions

View file

@ -1,3 +1,10 @@
2006-03-10 Tim-Philipp Müller <tim at centricular dot net>
* gst-libs/gst/riff/riff-media.c: (gst_riff_create_video_caps):
Make sure we don't read beyond the palette buffer in case of
broken or manipulated files (#333488, patch by: Fabrizio
Gennari)
2006-03-10 Edward Hervey <edward@fluendo.com>
* gst/typefind/gsttypefindfunctions.c: (mp3_type_find_at_offset):

View file

@ -556,6 +556,7 @@ gst_riff_create_video_caps (guint32 codec_fcc,
else
num_colors = 256;
if (GST_BUFFER_SIZE (palette) >= (num_colors * 4)) {
/* palette is always at least 256*4 bytes */
copy = gst_buffer_new_and_alloc (MAX (num_colors * 4, 256 * 4));
memcpy (GST_BUFFER_DATA (copy), GST_BUFFER_DATA (palette),
@ -571,6 +572,9 @@ gst_riff_create_video_caps (guint32 codec_fcc,
#endif
gst_caps_set_simple (caps, "palette_data", GST_TYPE_BUFFER, copy, NULL);
gst_buffer_unref (copy);
} else {
GST_WARNING ("Palette smaller than expected: broken file");
}
}
return caps;