diff options
| author | Ryan Lortie (desrt) <desrt@destr.ca> | 2006-04-10 10:10:55 +0000 |
|---|---|---|
| committer | Wim Taymans <wim.taymans@gmail.com> | 2006-04-10 10:10:55 +0000 |
| commit | 4bdbbeb426aa0768a619f3c1a41efa8547d95527 (patch) | |
| tree | 53dd973f52f8a897e12467e5b46f0e26ce122ae9 /gst | |
| parent | 31a227b2aa48e5caf0af3a0ddde12a279646fa1d (diff) | |
gst/avi/gstavidemux.c: Fix some crashers with empty chunks. (Fixes #337749)
Original commit message from CVS:
Patch by: Ryan Lortie (desrt) <desrt at destr dot ca>
* gst/avi/gstavidemux.c: (gst_avi_demux_parse_superindex),
(gst_avi_demux_parse_stream), (gst_avi_demux_parse_index),
(gst_avi_demux_stream_header):
Fix some crashers with empty chunks. (Fixes #337749)
Diffstat (limited to 'gst')
| -rw-r--r-- | gst/avi/gstavidemux.c | 51 |
1 files changed, 29 insertions, 22 deletions
diff --git a/gst/avi/gstavidemux.c b/gst/avi/gstavidemux.c index e4d78c3d..ff2f237f 100644 --- a/gst/avi/gstavidemux.c +++ b/gst/avi/gstavidemux.c @@ -724,7 +724,7 @@ static gboolean gst_avi_demux_parse_superindex (GstElement * element, GstBuffer * buf, guint64 ** _indexes) { - guint8 *data = GST_BUFFER_DATA (buf); + guint8 *data; gint bpe = 16, num, i; guint64 *indexes; @@ -733,9 +733,11 @@ gst_avi_demux_parse_superindex (GstElement * element, if (buf == NULL) goto no_buffer; - if (!buf || GST_BUFFER_SIZE (buf) < 24) + if (GST_BUFFER_SIZE (buf) < 24) goto too_small; + data = GST_BUFFER_DATA (buf); + /* check type of index. The opendml2 specs state that * there should be 4 dwords per array entry. Type can be * either frame or field (and we don't care). */ @@ -1031,6 +1033,7 @@ gst_avi_demux_parse_stream (GstElement * element, GstBuffer * buf) /* read strd/strn */ while (gst_riff_parse_chunk (element, buf, &offset, &tag, &sub)) { + /* sub can be NULL if the chunk is empty */ switch (tag) { case GST_RIFF_TAG_strd: if (stream->initdata) @@ -1039,11 +1042,15 @@ gst_avi_demux_parse_stream (GstElement * element, GstBuffer * buf) break; case GST_RIFF_TAG_strn: g_free (stream->name); - stream->name = g_new (gchar, GST_BUFFER_SIZE (sub) + 1); - memcpy (stream->name, GST_BUFFER_DATA (sub), GST_BUFFER_SIZE (sub)); - stream->name[GST_BUFFER_SIZE (sub)] = '\0'; - gst_buffer_unref (sub); - sub = NULL; + if (sub != NULL) { + stream->name = g_new (gchar, GST_BUFFER_SIZE (sub) + 1); + memcpy (stream->name, GST_BUFFER_DATA (sub), GST_BUFFER_SIZE (sub)); + stream->name[GST_BUFFER_SIZE (sub)] = '\0'; + gst_buffer_unref (sub); + sub = NULL; + } else { + stream->name = g_strdup (""); + } break; default: if (tag == GST_MAKE_FOURCC ('i', 'n', 'd', 'x') || @@ -1058,8 +1065,10 @@ gst_avi_demux_parse_stream (GstElement * element, GstBuffer * buf) GST_FOURCC_ARGS (tag)); /* fall-through */ case GST_RIFF_TAG_JUNK: - gst_buffer_unref (sub); - sub = NULL; + if (sub != NULL) { + gst_buffer_unref (sub); + sub = NULL; + } break; } } @@ -2075,13 +2084,15 @@ gst_avi_demux_stream_header (GstAviDemux * avi) /* now, read the elements from the header until the end */ while (gst_riff_parse_chunk (GST_ELEMENT (avi), buf, &offset, &tag, &sub)) { + /* sub can be NULL on empty tags */ + if (!sub) + continue; + switch (tag) { case GST_RIFF_TAG_LIST: - if (!sub || GST_BUFFER_SIZE (sub) < 4) { - if (sub) { - gst_buffer_unref (sub); - sub = NULL; - } + if (GST_BUFFER_SIZE (sub) < 4) { + gst_buffer_unref (sub); + sub = NULL; break; } @@ -2100,10 +2111,8 @@ gst_avi_demux_stream_header (GstAviDemux * avi) GST_FOURCC_ARGS (GST_READ_UINT32_LE (GST_BUFFER_DATA (sub)))); /* fall-through */ case GST_RIFF_TAG_JUNK: - if (sub) { - gst_buffer_unref (sub); - sub = NULL; - } + gst_buffer_unref (sub); + sub = NULL; break; } break; @@ -2113,10 +2122,8 @@ gst_avi_demux_stream_header (GstAviDemux * avi) offset, GST_FOURCC_ARGS (tag)); /* fall-through */ case GST_RIFF_TAG_JUNK: - if (sub) { - gst_buffer_unref (sub); - sub = NULL; - } + gst_buffer_unref (sub); + sub = NULL; break; } } |