diff options
| author | Tim-Philipp Müller <tim.muller@collabora.co.uk> | 2009-08-21 02:58:58 +0100 |
|---|---|---|
| committer | Tim-Philipp Müller <tim.muller@collabora.co.uk> | 2009-08-21 02:58:58 +0100 |
| commit | 004412848720a29b999b1b85adb6889c32884605 (patch) | |
| tree | 6ae0adf5784dc9689202977fc7785f4aaf16b1d1 | |
| parent | 30da9c07dae0649b85e3c0d6d538bec119046de6 (diff) | |
typefinders: skip ffmpeg typefinders if there isn't enough data
ffmpeg typefinders don't do bounds checking for small chunks of
data, so just skip them if we don't have a lot of data, to avoid
invalid memory access and/or crashes.
| -rw-r--r-- | ext/ffmpeg/gstffmpegdemux.c | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/ext/ffmpeg/gstffmpegdemux.c b/ext/ffmpeg/gstffmpegdemux.c index 3681497..6a8438f 100644 --- a/ext/ffmpeg/gstffmpegdemux.c +++ b/ext/ffmpeg/gstffmpegdemux.c @@ -1252,6 +1252,8 @@ no_info: } #define GST_FFMPEG_TYPE_FIND_SIZE 4096 +#define GST_FFMPEG_TYPE_FIND_MIN_SIZE 256 + static void gst_ffmpegdemux_type_find (GstTypeFind * tf, gpointer priv) { @@ -1267,6 +1269,16 @@ gst_ffmpegdemux_type_find (GstTypeFind * tf, gpointer priv) if (length == 0 || length > GST_FFMPEG_TYPE_FIND_SIZE) length = GST_FFMPEG_TYPE_FIND_SIZE; + /* The ffmpeg typefinders assume there's a certain minimum amount of data + * and will happily do invalid memory access if there isn't, so let's just + * skip the ffmpeg typefinders if the data available is too short + * (in which case it's unlikely to be a media file anyway) */ + if (length < GST_FFMPEG_TYPE_FIND_MIN_SIZE) { + GST_LOG ("not typefinding %" G_GUINT64_FORMAT " bytes, too short", length); + return; + } + + GST_LOG ("typefinding %" G_GUINT64_FORMAT " bytes", length); if (in_plugin->read_probe && (data = gst_type_find_peek (tf, 0, length)) != NULL) { AVProbeData probe_data; |