mirror of
https://gitlab.freedesktop.org/gstreamer/gstreamer.git
synced 2024-12-23 00:36:51 +00:00
qtmux: Fix extraction of CEA608 data from S334-1A packets
The index is already incremented by 3 every iteration so multiplying it by 3 additionally on each array access is doing it twice and does not work. This caused invalid files to be created if there's more than one CEA608 triplet in a buffer, and out of bounds memory reads. Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/4634>
This commit is contained in:
parent
3497bbb8a8
commit
99285bb566
1 changed files with 5 additions and 5 deletions
|
@ -926,16 +926,16 @@ extract_608_field_from_s334_1a (const guint8 * ccdata, gsize ccdata_size,
|
||||||
/* Iterate over the ccdata and put the corresponding tuples for the given field
|
/* Iterate over the ccdata and put the corresponding tuples for the given field
|
||||||
* in the storage */
|
* in the storage */
|
||||||
for (i = 0; i < ccdata_size; i += 3) {
|
for (i = 0; i < ccdata_size; i += 3) {
|
||||||
if ((field == 1 && (ccdata[i * 3] & 0x80)) ||
|
if ((field == 1 && (ccdata[i] & 0x80)) ||
|
||||||
(field == 2 && !(ccdata[i * 3] & 0x80))) {
|
(field == 2 && !(ccdata[i] & 0x80))) {
|
||||||
GST_DEBUG ("Storing matching cc for field %d : 0x%02x 0x%02x", field,
|
GST_DEBUG ("Storing matching cc for field %d : 0x%02x 0x%02x", field,
|
||||||
ccdata[i * 3 + 1], ccdata[i * 3 + 2]);
|
ccdata[i + 1], ccdata[i + 2]);
|
||||||
if (res_size >= storage_size) {
|
if (res_size >= storage_size) {
|
||||||
storage_size += 128;
|
storage_size += 128;
|
||||||
storage = g_realloc (storage, storage_size);
|
storage = g_realloc (storage, storage_size);
|
||||||
}
|
}
|
||||||
storage[res_size] = ccdata[i * 3 + 1];
|
storage[res_size] = ccdata[i + 1];
|
||||||
storage[res_size + 1] = ccdata[i * 3 + 2];
|
storage[res_size + 1] = ccdata[i + 2];
|
||||||
res_size += 2;
|
res_size += 2;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue