path: root/main/gst-plugins-base1/CVE-2017-5839.patch
From ef55c8a6b7ca746b2d1b55129a404eb5f58cf140 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com>
Date: Sun, 15 Jan 2017 18:42:34 +0100
Subject: [PATCH] riff-media: Don't recurse in for nested WAVEFORMATEX

There was already a check for that, but it failed because
subformat_guid[0] is a guint32 that is implicitly cast to a
guint16 when recursing, while the check compared the uncast value.

This caused an infinite recursion and thus stack overflow.

https://bugzilla.gnome.org/show_bug.cgi?id=777265
---
 gst-libs/gst/riff/riff-media.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/gst-libs/gst/riff/riff-media.c b/gst-libs/gst/riff/riff-media.c
index 328036d..3182bc3 100644
--- a/gst-libs/gst/riff/riff-media.c
+++ b/gst-libs/gst/riff/riff-media.c
@@ -1715,7 +1715,8 @@ gst_riff_create_audio_caps (guint16 codec_id,
           caps = gst_caps_new_empty_simple ("audio/x-ac3");
           if (codec_name)
             *codec_name = g_strdup ("wavext AC-3 SPDIF audio");
-        } else if (subformat_guid[0] == GST_RIFF_WAVE_FORMAT_EXTENSIBLE) {
+        } else if ((subformat_guid[0] & 0xffff) ==
+            GST_RIFF_WAVE_FORMAT_EXTENSIBLE) {
           GST_DEBUG ("WAVE_FORMAT_EXTENSIBLE nested");
         } else {
           /* recurse where no special consideration has yet to be identified
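Review bot: The `& 0xffff` mask in the new `else if` and the implicit guint16 truncation at the recursive call are kept in agreement only by convention, and nothing in the code says why the mask is there. Per the commit message the recursion passes subformat_guid[0] as the guint16 codec_id, so I would narrow it once, e.g. `guint16 sub_id = (guint16) subformat_guid[0];`, and use `sub_id` both in this comparison and in the recursive call. Failing that, a comment such as `/* compare the value as the recursive call sees it (guint16 codec_id); the full guint32 can differ and recurse without end */` would record the reason. The recursive call and the rest of gst_riff_create_audio_caps lie outside this hunk, so it is worth confirming that no other path re-enters with the extensible id. A regression test using a header whose sub-format field has non-zero upper 16 bits would keep the check from regressing.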