mirror of
https://gitlab.freedesktop.org/gstreamer/gstreamer.git
synced 2024-12-28 11:10:37 +00:00
kate: avoid read buffer overflow in crafted stream
Coverity 1208777
This commit is contained in:
parent
56cca649d4
commit
d8fb89e4e6
1 changed files with 8 additions and 2 deletions
|
@ -79,7 +79,7 @@ gst_kate_spu_decode_pixaddr (GstKateEnc * ke, const guint8 * ptr)
|
|||
|
||||
/* heavily inspired from dvdspudec */
|
||||
static guint16
|
||||
gst_kate_spu_decode_colcon (GstKateEnc * ke, const guint8 * ptr)
|
||||
gst_kate_spu_decode_colcon (GstKateEnc * ke, const guint8 * ptr, guint16 sz)
|
||||
{
|
||||
guint16 nbytes = GST_KATE_UINT16_BE (ptr + 0);
|
||||
guint16 nbytes_left = nbytes;
|
||||
|
@ -92,6 +92,12 @@ gst_kate_spu_decode_colcon (GstKateEnc * ke, const guint8 * ptr)
|
|||
nbytes);
|
||||
return 0;
|
||||
}
|
||||
if (G_UNLIKELY (nbytes > sz)) {
|
||||
GST_WARNING_OBJECT (ke,
|
||||
"Number of bytes in color/contrast change command is %u, but the buffer "
|
||||
"only contains %u byte(s)", nbytes, sz);
|
||||
return 0;
|
||||
}
|
||||
|
||||
ptr += 2;
|
||||
nbytes_left -= 2;
|
||||
|
@ -348,7 +354,7 @@ gst_kate_spu_decode_command_sequence (GstKateEnc * ke, GstBuffer * buf,
|
|||
case SPU_CMD_CHG_COLCON: /* 0x07 */
|
||||
GST_DEBUG_OBJECT (ke, "[7] CHANGE COLOR/CONTRAST");
|
||||
CHECK (2);
|
||||
ADVANCE (gst_kate_spu_decode_colcon (ke, ptr));
|
||||
ADVANCE (gst_kate_spu_decode_colcon (ke, ptr, sz));
|
||||
break;
|
||||
case SPU_CMD_END: /* 0xff */
|
||||
GST_DEBUG_OBJECT (ke, "[0xff] END");
|
||||
|
|
Loading…
Reference in a new issue