From fbd1cbe006644a05c8f4ad0170e880b4651505b7 Mon Sep 17 00:00:00 2001 From: Jan Schmidt Date: Wed, 25 Jan 2006 18:23:05 +0000 Subject: [PATCH] tag: id3v2: Never trust ANY information encoded in a media file, especially when it's giving you size... Original commit message from CVS: * gst-libs/gst/tag/id3v2frames.c: (id3demux_id3v2_parse_frame): Never trust ANY information encoded in a media file, especially when it's giving you sizes. (Fixes #328452) --- gst-libs/gst/tag/id3v2frames.c | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/gst-libs/gst/tag/id3v2frames.c b/gst-libs/gst/tag/id3v2frames.c index 0bc48e1db5..c4c41ff00d 100644 --- a/gst-libs/gst/tag/id3v2frames.c +++ b/gst-libs/gst/tag/id3v2frames.c @@ -95,6 +95,11 @@ id3demux_id3v2_parse_frame (ID3TagsWorking * work) work->parse_size = read_synch_uint (frame_data, 4); frame_data += 4; frame_data_size -= 4; + if (work->parse_size < frame_data_size) { + GST_WARNING ("ID3v2 frame %s has invalid size %d.", tag_name, + frame_data_size); + return FALSE; + } } else work->parse_size = frame_data_size; @@ -113,6 +118,12 @@ id3demux_id3v2_parse_frame (ID3TagsWorking * work) g_free (work->parse_data); return FALSE; } + if (destSize != work->parse_size) { + GST_WARNING + ("Decompressing ID3v2 frame %s did not produce expected size %d bytes (got %d)", + tag_name, work->parse_data, destSize); + return FALSE; + } #else GST_WARNING ("Compressed ID3v2 tag frame could not be decompressed" " because gstid3demux was compiled without zlib support");