mirrors/gstreamer
mirrors/gstreamer
1
1
Fork 0
mirror of https://gitlab.freedesktop.org/gstreamer/gstreamer.git synced 2025-01-19 05:45:58 +00:00
Code Issues 1 Projects Releases Wiki Activity

qtdemux: bail out instead of trying to alloc silly index sizes

Browse source 
If it looks like we would be allocating a silly size for our sample
index, just bail out instead of trying to allocate it. Helps with
broken or fuzzed files where we might end up trying to malloc a
couple of hundred MBs otherwise.
This commit is contained in:
Tim-Philipp Müller 2009-08-20 18:21:59 +01:00
parent abaf91e428
commit f65e6ea3a1
1 changed files with 20 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

23
gst/qtdemux/qtdemux.c
View file

@ -66,6 +66,9 @@
/* max. size considered 'sane' for non-mdat atoms */
#define QTDEMUX_MAX_ATOM_SIZE (25*1024*1024)
/* if the sample index is larger than this, something is likely wrong */
#define QTDEMUX_MAX_SAMPLE_INDEX_SIZE (50*1024*1024)
GST_DEBUG_CATEGORY (qtdemux_debug);
/*typedef struct _QtNode QtNode; */
@ -3570,8 +3573,11 @@ qtdemux_parse_samples (GstQTDemux * qtdemux, QtDemuxStream * stream,
if (n_samples == 0)
goto no_samples;
GST_DEBUG_OBJECT (qtdemux, "stsz sample_size 0, allocating n_samples %u",
n_samples);
GST_DEBUG_OBJECT (qtdemux, "stsz sample_size 0, allocating n_samples %u "
"(%u MB)", n_samples, (n_samples * sizeof (QtDemuxSample)) >> 20);
if (n_samples >= QTDEMUX_MAX_SAMPLE_INDEX_SIZE / sizeof (QtDemuxSample))
goto index_too_big;
samples = g_try_new0 (QtDemuxSample, n_samples);
if (samples == NULL)
@ -3795,7 +3801,11 @@ qtdemux_parse_samples (GstQTDemux * qtdemux, QtDemuxStream * stream,
if (n_samples == 0)
goto no_samples;
GST_DEBUG_OBJECT (qtdemux, "allocating n_samples %d", n_samples);
GST_DEBUG_OBJECT (qtdemux, "allocating n_samples %u (%u MB)", n_samples,
(n_samples * sizeof (QtDemuxSample)) >> 20);
if (n_samples >= QTDEMUX_MAX_SAMPLE_INDEX_SIZE / sizeof (QtDemuxSample))
goto index_too_big;
samples = g_try_new0 (QtDemuxSample, n_samples);
if (samples == NULL)
@ -3940,6 +3950,13 @@ out_of_memory:
GST_WARNING_OBJECT (qtdemux, "failed to allocate %d samples", n_samples);
return FALSE;
}
index_too_big:
{
GST_WARNING_OBJECT (qtdemux, "not allocating index of %d samples, would "
"be larger than %uMB (broken file?)", n_samples,
QTDEMUX_MAX_SAMPLE_INDEX_SIZE >> 20);
return FALSE;
}
}
/* collect all segment info for @stream.