From d7f415e09ffbb333cba96acad367ac731c641b73 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= Date: Tue, 8 Jan 2008 19:42:38 +0000 Subject: [PATCH] Make sure that the Xing TOC starts with 0 and the entries are increasing over time. Otherwise it's broken and should ... Original commit message from CVS: * ext/mad/gstmad.c: (mpg123_parse_xing_header): * gst/mpegaudioparse/gstmpegaudioparse.c: (gst_mp3parse_handle_first_frame): Make sure that the Xing TOC starts with 0 and the entries are increasing over time. Otherwise it's broken and should be skipped. Fixes bug #507821. --- ChangeLog | 9 +++++++++ ext/mad/gstmad.c | 11 +++++++++++ gst/mpegaudioparse/gstmpegaudioparse.c | 17 ++++++++++++++++- 3 files changed, 36 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index db1cbcae4e..cdf9da2d02 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,12 @@ +2008-01-08 Sebastian Dröge + + * ext/mad/gstmad.c: (mpg123_parse_xing_header): + * gst/mpegaudioparse/gstmpegaudioparse.c: + (gst_mp3parse_handle_first_frame): + Make sure that the Xing TOC starts with 0 and the entries + are increasing over time. Otherwise it's broken and should + be skipped. Fixes bug #507821. + 2008-01-08 Tim-Philipp Müller * gst/asfdemux/gstasfdemux.c: (asfdemux_dbg), (gst_asf_demux_reset), diff --git a/ext/mad/gstmad.c b/ext/mad/gstmad.c index 7f69a50485..981de0f666 100644 --- a/ext/mad/gstmad.c +++ b/ext/mad/gstmad.c @@ -1099,14 +1099,25 @@ mpg123_parse_xing_header (struct mad_header *header, ptr += 4; } if (xflags & XING_TOC_FLAG) { + guchar old = 0; + lprintf ("toc found\n"); if (ptr >= (buf + bufsize - XING_TOC_LENGTH)) return 0; + if (*ptr != 0) { + lprintf ("skipping broken Xing TOC\n"); + goto skip_toc; + } for (i = 0; i < XING_TOC_LENGTH; i++) { xtoc[i] = *(ptr + i); + if (old > xtoc[i]) { + lprintf ("skipping broken Xing TOC\n"); + goto skip_toc; + } lprintf ("%d ", xtoc[i]); } lprintf ("\n"); + skip_toc: ptr += XING_TOC_LENGTH; } diff --git a/gst/mpegaudioparse/gstmpegaudioparse.c b/gst/mpegaudioparse/gstmpegaudioparse.c index 69591ade1e..331a640fb5 100644 --- a/gst/mpegaudioparse/gstmpegaudioparse.c +++ b/gst/mpegaudioparse/gstmpegaudioparse.c @@ -759,9 +759,23 @@ gst_mp3parse_handle_first_frame (GstMPEGAudioParse * mp3parse) if (xing_flags & XING_TOC_FLAG) { int i, percent = 0; guchar *table = mp3parse->xing_seek_table; + guchar old = 0; + + if (data[0] != 0) { + GST_WARNING_OBJECT (mp3parse, "Skipping broken Xing TOC"); + mp3parse->xing_flags &= ~XING_TOC_FLAG; + goto skip_toc; + } /* xing seek table: percent time -> 1/256 bytepos */ - memcpy (mp3parse->xing_seek_table, data, 100); + for (i = 0; i < 100; i++) { + mp3parse->xing_seek_table[i] = data[i]; + if (old > data[i]) { + GST_WARNING_OBJECT (mp3parse, "Skipping broken Xing TOC"); + mp3parse->xing_flags &= ~XING_TOC_FLAG; + goto skip_toc; + } + } /* build inverse table: 1/256 bytepos -> 1/100 percent time */ for (i = 0; i < 256; i++) { @@ -788,6 +802,7 @@ gst_mp3parse_handle_first_frame (GstMPEGAudioParse * mp3parse) mp3parse->xing_seek_table_inverse[i] = (guint16) (fx * 100); } } + skip_toc: data += 100; } else { memset (mp3parse->xing_seek_table, 0, 100);