gst/flv/gstflvparse.c: Handle NULL returns from FLV_GET_STRING() more gracefully. Fixes crash caused by a strlen on a...

Original commit message from CVS:
* gst/flv/gstflvparse.c: (gst_flv_parse_metadata_item),
(gst_flv_parse_tag_script):
Handle NULL returns from FLV_GET_STRING() more gracefully. Fixes
crash caused by a strlen on a NULL string (#527622).
This commit is contained in:
Tim-Philipp Müller 2008-04-11 23:19:21 +00:00
parent 53e5f028ec
commit d548425062
2 changed files with 15 additions and 3 deletions

View file

@ -1,3 +1,10 @@
2008-04-12 Tim-Philipp Müller <tim at centricular dot net>
* gst/flv/gstflvparse.c: (gst_flv_parse_metadata_item),
(gst_flv_parse_tag_script):
Handle NULL returns from FLV_GET_STRING() more gracefully. Fixes
crash caused by a strlen on a NULL string (#527622).
2008-04-11 Tim-Philipp Müller <tim at centricular dot net>
Patch by: Ole André Vadla Ravnås <ole.andre.ravnas at tandberg com>

View file

@ -178,6 +178,9 @@ gst_flv_parse_metadata_item (GstFLVDemux * demux, const guint8 * data,
value = FLV_GET_STRING (data + offset, data_size - offset);
if (value == NULL)
break;
offset += strlen (value) + 2;
GST_DEBUG_OBJECT (demux, "%s => (string) %s", tag_name, value);
@ -329,12 +332,14 @@ gst_flv_parse_tag_script (GstFLVDemux * demux, const guint8 * data,
GST_LOG_OBJECT (demux, "parsing a script tag");
if (GST_READ_UINT8 (data + offset++) == 2) {
gchar *function_name;
guint i;
gchar *function_name = FLV_GET_STRING (data + offset, data_size - offset);
GST_LOG_OBJECT (demux, "function name is %s", function_name);
function_name = FLV_GET_STRING (data + offset, data_size - offset);
if (!strcmp (function_name, "onMetaData")) {
GST_LOG_OBJECT (demux, "function name is %s", GST_STR_NULL (function_name));
if (function_name != NULL && strcmp (function_name, "onMetaData") == 0) {
guint32 nb_elems = 0;
gboolean end_marker = FALSE;