mirror of
https://gitlab.freedesktop.org/gstreamer/gstreamer.git
synced 2024-11-29 05:01:23 +00:00
id3v2: Add missing overrun check for frame sizes
When frames claim to have a footer, ensure they are large enough to contain one to avoid an invalid read overrun. Spotted by Joshua Yabut
This commit is contained in:
parent
226dfc3f32
commit
d178f7626a
1 changed files with 8 additions and 2 deletions
|
@ -236,10 +236,16 @@ gst_tag_list_from_id3v2_tag (GstBuffer * buffer)
|
||||||
work.hdr.size = read_size;
|
work.hdr.size = read_size;
|
||||||
work.hdr.flags = flags;
|
work.hdr.flags = flags;
|
||||||
work.hdr.frame_data = info.data + ID3V2_HDR_SIZE;
|
work.hdr.frame_data = info.data + ID3V2_HDR_SIZE;
|
||||||
if (flags & ID3V2_HDR_FLAG_FOOTER)
|
|
||||||
|
if (flags & ID3V2_HDR_FLAG_FOOTER) {
|
||||||
|
if (read_size < ID3V2_HDR_SIZE + 10)
|
||||||
|
goto not_enough_data; /* Invalid frame size */
|
||||||
work.hdr.frame_data_size = read_size - ID3V2_HDR_SIZE - 10;
|
work.hdr.frame_data_size = read_size - ID3V2_HDR_SIZE - 10;
|
||||||
else
|
} else {
|
||||||
|
if (read_size < ID3V2_HDR_SIZE)
|
||||||
|
goto not_enough_data; /* Invalid frame size */
|
||||||
work.hdr.frame_data_size = read_size - ID3V2_HDR_SIZE;
|
work.hdr.frame_data_size = read_size - ID3V2_HDR_SIZE;
|
||||||
|
}
|
||||||
|
|
||||||
/* in v2.3 the frame sizes are not syncsafe, so the entire tag had to be
|
/* in v2.3 the frame sizes are not syncsafe, so the entire tag had to be
|
||||||
* unsynced. In v2.4 the frame sizes are syncsafe so it's just the frame
|
* unsynced. In v2.4 the frame sizes are syncsafe so it's just the frame
|
||||||
|
|
Loading…
Reference in a new issue