mirror of
https://gitlab.freedesktop.org/gstreamer/gstreamer.git
synced 2024-11-27 20:21:24 +00:00
gst-libs/gst/riff/riff-media.c: Make sure we don't read beyond the palette buffer in case of
Original commit message from CVS: * gst-libs/gst/riff/riff-media.c: (gst_riff_create_video_caps): Make sure we don't read beyond the palette buffer in case of broken or manipulated files (#333488, patch by: Fabrizio Gennari)
This commit is contained in:
parent
72122e4a86
commit
8d9e3abb5b
2 changed files with 22 additions and 11 deletions
|
@ -1,3 +1,10 @@
|
|||
2006-03-10 Tim-Philipp Müller <tim at centricular dot net>
|
||||
|
||||
* gst-libs/gst/riff/riff-media.c: (gst_riff_create_video_caps):
|
||||
Make sure we don't read beyond the palette buffer in case of
|
||||
broken or manipulated files (#333488, patch by: Fabrizio
|
||||
Gennari)
|
||||
|
||||
2006-03-10 Edward Hervey <edward@fluendo.com>
|
||||
|
||||
* gst/typefind/gsttypefindfunctions.c: (mp3_type_find_at_offset):
|
||||
|
|
|
@ -556,6 +556,7 @@ gst_riff_create_video_caps (guint32 codec_fcc,
|
|||
else
|
||||
num_colors = 256;
|
||||
|
||||
if (GST_BUFFER_SIZE (palette) >= (num_colors * 4)) {
|
||||
/* palette is always at least 256*4 bytes */
|
||||
copy = gst_buffer_new_and_alloc (MAX (num_colors * 4, 256 * 4));
|
||||
memcpy (GST_BUFFER_DATA (copy), GST_BUFFER_DATA (palette),
|
||||
|
@ -571,6 +572,9 @@ gst_riff_create_video_caps (guint32 codec_fcc,
|
|||
#endif
|
||||
gst_caps_set_simple (caps, "palette_data", GST_TYPE_BUFFER, copy, NULL);
|
||||
gst_buffer_unref (copy);
|
||||
} else {
|
||||
GST_WARNING ("Palette smaller than expected: broken file");
|
||||
}
|
||||
}
|
||||
|
||||
return caps;
|
||||
|
|
Loading…
Reference in a new issue