mirrors/gstreamer
mirrors/gstreamer
1
1
Fork 0
mirror of https://gitlab.freedesktop.org/gstreamer/gstreamer.git synced 2024-07-11 09:06:05 +00:00
Code Issues 1 Projects Releases Wiki Activity

qtdemux: Check size of compressed MOOV header against available data

Browse source 
And actually read the size of the cmvd atom from the right position.

https://bugzilla.gnome.org/show_bug.cgi?id=775455
This commit is contained in:
Sebastian Dröge 2016-12-01 14:29:21 +02:00
parent 5e4883094b
commit b4d6b2af8e
1 changed files with 11 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

12
gst/isomp4/qtdemux.c
View file

@ -6936,12 +6936,17 @@ qtdemux_parse_moov (GstQTDemux * qtdemux, const guint8 * buffer, guint length)
guint32 method;
GNode *dcom;
GNode *cmvd;
guint32 dcom_len;
dcom = qtdemux_tree_get_child_by_type (cmov, FOURCC_dcom);
cmvd = qtdemux_tree_get_child_by_type (cmov, FOURCC_cmvd);
if (dcom == NULL || cmvd == NULL)
goto invalid_compression;
dcom_len = QT_UINT32 (dcom->data);
if (dcom_len < 12)
goto invalid_compression;
method = QT_FOURCC ((guint8 *) dcom->data + 8);
switch (method) {
#ifdef HAVE_ZLIB
@ -6949,9 +6954,14 @@ qtdemux_parse_moov (GstQTDemux * qtdemux, const guint8 * buffer, guint length)
guint uncompressed_length;
guint compressed_length;
guint8 *buf;
guint32 cmvd_len;
cmvd_len = QT_UINT32 ((guint8 *) cmvd->data);
if (cmvd_len < 12)
goto invalid_compression;
uncompressed_length = QT_UINT32 ((guint8 *) cmvd->data + 8);
compressed_length = QT_UINT32 ((guint8 *) cmvd->data + 4) - 12;
compressed_length = cmvd_len - 12;
GST_LOG ("length = %u", uncompressed_length);
buf =