1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
|
From d21017b52a585f145e8d62781bcc1c5fefc7ee37 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com>
Date: Tue, 31 Jan 2017 13:50:21 +0200
Subject: [PATCH] asfdemux: Check that we have enough data available before
parsing bool/uint extended content descriptors
https://bugzilla.gnome.org/show_bug.cgi?id=777955
---
gst/asfdemux/gstasfdemux.c | 14 ++++++++++++--
1 file changed, 12 insertions(+), 2 deletions(-)
diff --git a/gst/asfdemux/gstasfdemux.c b/gst/asfdemux/gstasfdemux.c
index 255a427..b8d48ad 100644
--- a/gst/asfdemux/gstasfdemux.c
+++ b/gst/asfdemux/gstasfdemux.c
@@ -3439,7 +3439,12 @@ gst_asf_demux_process_ext_content_desc (GstASFDemux * demux, guint8 * data,
break;
}
case ASF_DEMUX_DATA_TYPE_DWORD:{
- guint uint_val = GST_READ_UINT32_LE (value);
+ guint uint_val;
+
+ if (value_len < 4)
+ break;
+
+ uint_val = GST_READ_UINT32_LE (value);
/* this is the track number */
g_value_init (&tag_value, G_TYPE_UINT);
@@ -3453,7 +3458,12 @@ gst_asf_demux_process_ext_content_desc (GstASFDemux * demux, guint8 * data,
}
/* Detect 3D */
case ASF_DEMUX_DATA_TYPE_BOOL:{
- gboolean bool_val = GST_READ_UINT32_LE (value);
+ gboolean bool_val;
+
+ if (value_len < 4)
+ break;
+
+ bool_val = GST_READ_UINT32_LE (value);
if (strncmp ("Stereoscopic", name_utf8, strlen (name_utf8)) == 0) {
if (bool_val) {
|
