gst/id3demux/id3v2frames.c: Never trust ANY information encoded in a media file, especially when it's giving you size...

Original commit message from CVS:
* gst/id3demux/id3v2frames.c: (id3demux_id3v2_parse_frame):
Never trust ANY information encoded in a media file, especially
when it's giving you sizes. (Fixes #328452)

1 files changed, 11 insertions, 0 deletions

diff --git a/gst/id3demux/id3v2frames.c b/gst/id3demux/id3v2frames.c
index 0bc48e1d..c4c41ff0 100644
--- a/gst/id3demux/id3v2frames.c
+++ b/gst/id3demux/id3v2frames.c
@@ -95,6 +95,11 @@ id3demux_id3v2_parse_frame (ID3TagsWorking * work)
     work->parse_size = read_synch_uint (frame_data, 4);
     frame_data += 4;
     frame_data_size -= 4;
+    if (work->parse_size < frame_data_size) {
+      GST_WARNING ("ID3v2 frame %s has invalid size %d.", tag_name,
+          frame_data_size);
+      return FALSE;
+    }
   } else
     work->parse_size = frame_data_size;
 
@@ -113,6 +118,12 @@ id3demux_id3v2_parse_frame (ID3TagsWorking * work)
       g_free (work->parse_data);
       return FALSE;
     }
+    if (destSize != work->parse_size) {
+      GST_WARNING
+          ("Decompressing ID3v2 frame %s did not produce expected size %d bytes (got %d)",
+          tag_name, work->parse_data, destSize);
+      return FALSE;
+    }
 #else
     GST_WARNING ("Compressed ID3v2 tag frame could not be decompressed"
         " because gstid3demux was compiled without zlib support");