Add buffer length checks to every typefinding function

Original commit message from CVS: Add buffer length checks to every typefinding function
2024-11-23 18:21:04 +00:00 · 2003-07-24 08:49:43 +00:00 · 2003-07-24 08:49:43 +00:00 · a962c0f40c
commit a962c0f40c
parent a287b1e442
7 changed files with 28 additions and 5 deletions
--- a/ext/audiofile/gstaftypes.c
+++ b/ext/audiofile/gstaftypes.c
@ -58,7 +58,7 @@ gst_aftypes_type_find(GstBuffer *buf, gpointer private)
  int file_format, format_version;
  gchar *type;
-  g_print("calling gst_aftypes_type_find\n");
+  GST_DEBUG("calling gst_aftypes_type_find");
  buffer_wrap->buffer = buf;
  buffer_wrap->offset = 0;
@ -76,7 +76,7 @@ gst_aftypes_type_find(GstBuffer *buf, gpointer private)
  file_format = afGetFileFormat (file, &format_version);
  afCloseFile (file);
-  g_print("file format: %d\n", file_format);
+  GST_DEBUG("file format: %d", file_format);
  /* reject raw data, just in case it is some other format */
  if (file_format == AF_FILE_UNKNOWN ||
--- a/ext/ivorbis/vorbis.c
+++ b/ext/ivorbis/vorbis.c
@ -83,7 +83,12 @@ static GstTypeDefinition vorbisdefinition = {
 static GstCaps* 
 vorbis_type_find (GstBuffer *buf, gpointer private) 
 {
-  guint32 head = GUINT32_FROM_BE (*((guint32 *)GST_BUFFER_DATA (buf)));
+  guint32 head;
  if (GST_BUFFER_SIZE (buf) < 4)
    return NULL;
  head = GUINT32_FROM_BE (*((guint32 *)GST_BUFFER_DATA (buf)));
  if (head  != 0x4F676753)
    return NULL;
--- a/ext/swfdec/gstswfdec.c
+++ b/ext/swfdec/gstswfdec.c
@ -631,6 +631,9 @@ swf_type_find(GstBuffer *buf, gpointer private)
 {
 	gchar *data = GST_BUFFER_DATA(buf);
 	if (GST_BUFFER_SIZE (buf) < 4)
 	  return NULL;
 	if((data[0] != 'F' && data[0] != 'C') ||
 	    data[1] != 'W' || data[2] != 'S')return NULL;
--- a/ext/tarkin/gsttarkin.c
+++ b/ext/tarkin/gsttarkin.c
@ -69,11 +69,16 @@ static GstTypeDefinition tarkindefinition =
 static GstCaps* 
 tarkin_type_find (GstBuffer *buf, gpointer private) 
 {
-  guint32 head = GUINT32_FROM_BE (*((guint32 *)GST_BUFFER_DATA (buf)));
+  guint32 head;
  if (GST_BUFFER_SIZE (buf) < 4)
    return NULL;
  /* FIXME */
  return NULL;
  head = GUINT32_FROM_BE (*((guint32 *)GST_BUFFER_DATA (buf)));
  if (head  != 0x4F676753)
    return NULL;
--- a/gst/cdxaparse/gstcdxaparse.c
+++ b/gst/cdxaparse/gstcdxaparse.c
@ -167,6 +167,9 @@ cdxa_type_find (GstBuffer *buf,
  GST_DEBUG ("cdxa_parse: typefind");
  if (GST_BUFFER_SIZE (buf) < 12)
    return NULL;
  if (GUINT32_FROM_LE (((guint32 *)data)[0]) != GST_RIFF_TAG_RIFF)
    return NULL;
  if (GUINT32_FROM_LE (((guint32 *)data)[2]) != GST_RIFF_RIFF_CDXA)
--- a/gst/festival/gstfestival.c
+++ b/gst/festival/gstfestival.c
@ -203,8 +203,12 @@ text_type_find (GstBuffer *buf, gpointer private)
  gchar *data = GST_BUFFER_DATA (buf);
  gint i;
  /* 20 is arbitrary.  4 is definitely too small. */
  if (GST_BUFFER_SIZE (buf) < 20)
    return NULL;
  for (i=0; i<GST_BUFFER_SIZE (buf); i++) {
-    if (!isprint(*(data+i)))
+    if (!isprint(data[i]) && data[i]!='\n')
      return NULL;
  }
--- a/gst/modplug/gstmodplug.cc
+++ b/gst/modplug/gstmodplug.cc
@ -132,6 +132,9 @@ static GstElementClass *parent_class = NULL;
 static GstCaps* 
 modplug_type_find (GstBuffer *buf, gpointer priv) 
 {  
  if (GST_BUFFER_SIZE (buf) < 75)
    return NULL;
  if (MOD_CheckType (buf)     ||
      Mod_669_CheckType (buf) ||
      Amf_CheckType (buf)     ||