From a5ecb465a979eec42f17684f60347419d44a79af Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tim-Philipp=20M=C3=BCller?= <tim@centricular.com>
Date: Sat, 5 May 2018 16:16:45 +0200
Subject: [PATCH] bufferlist: fix abort due to underflow when creating 0-sized
 list

gst_buffer_list_new_sized(0) will cause an underflow in a calculation
which then makes it try to allocate huge amounts of memory, which
may lead to aborts.

https://bugzilla.gnome.org/show_bug.cgi?id=795758
---
 gst/gstbufferlist.c             |  3 +++
 tests/check/gst/gstbufferlist.c | 10 ++++++++++
 2 files changed, 13 insertions(+)

diff --git a/gst/gstbufferlist.c b/gst/gstbufferlist.c
index 9ca4d87798..16de4cecf0 100644
--- a/gst/gstbufferlist.c
+++ b/gst/gstbufferlist.c
@@ -149,6 +149,9 @@ gst_buffer_list_new_sized (guint size)
   gsize slice_size;
   guint n_allocated;
 
+  if (size == 0)
+    size = 1;
+
   n_allocated = GST_ROUND_UP_16 (size);
 
   slice_size = sizeof (GstBufferList) + (n_allocated - 1) * sizeof (gpointer);
diff --git a/tests/check/gst/gstbufferlist.c b/tests/check/gst/gstbufferlist.c
index 54e7257297..2ac332342e 100644
--- a/tests/check/gst/gstbufferlist.c
+++ b/tests/check/gst/gstbufferlist.c
@@ -474,6 +474,15 @@ GST_START_TEST (test_calc_size)
 
 GST_END_TEST;
 
+GST_START_TEST (test_new_sized_0)
+{
+  GstBufferList *b = gst_buffer_list_new_sized (0);
+
+  gst_buffer_list_unref (b);
+}
+
+GST_END_TEST;
+
 static Suite *
 gst_buffer_list_suite (void)
 {
@@ -491,6 +500,7 @@ gst_buffer_list_suite (void)
   tcase_add_test (tc_chain, test_expand_and_remove);
   tcase_add_test (tc_chain, test_get_writable);
   tcase_add_test (tc_chain, test_calc_size);
+  tcase_add_test (tc_chain, test_new_sized_0);
 
   return s;
 }