diff options
| author | Sebastian Dröge <sebastian@centricular.com> | 2016-11-22 20:01:20 +0200 |
|---|---|---|
| committer | Sebastian Dröge <sebastian@centricular.com> | 2016-11-22 20:02:42 +0200 |
| commit | c0da05df383b5d6b2e018069b4398be8c3d4f121 (patch) | |
| tree | bc2c03f0c2e43c1c269b7c56591235b51c93817f | |
| parent | fec77de8cbb0c8192b77aff2e563705ba421f2f2 (diff) | |
matroska: Add size checks to the parsing of FLAC headers
| -rw-r--r-- | gst/matroska/matroska-ids.c | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/gst/matroska/matroska-ids.c b/gst/matroska/matroska-ids.c index 74b4147f8..1ef3e2630 100644 --- a/gst/matroska/matroska-ids.c +++ b/gst/matroska/matroska-ids.c @@ -283,15 +283,18 @@ gst_matroska_parse_flac_stream_headers (gpointer codec_data, /* skip fLaC marker */ off = 4; - /* FIXME: check size remaining */ - while (off < codec_data_size) { + while (off < codec_data_size - 3) { len = GST_READ_UINT8 (pdata + off + 1) << 16; len |= GST_READ_UINT8 (pdata + off + 2) << 8; len |= GST_READ_UINT8 (pdata + off + 3); GST_DEBUG ("header packet: len=%u bytes, flags=0x%02x", len, pdata[off]); - /* FIXME: check size remaining */ + if (off + len > codec_data_size) { + gst_buffer_list_unref (list); + return NULL; + } + hdr = gst_buffer_new_wrapped (g_memdup (pdata + off, len + 4), len + 4); gst_buffer_list_add (list, hdr); |