summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--ChangeLog9
-rw-r--r--gst/avi/gstavidemux.c51
2 files changed, 38 insertions, 22 deletions
diff --git a/ChangeLog b/ChangeLog
index 37e4cfb2..2b22dee6 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,12 @@
+2006-04-10 Wim Taymans <wim@fluendo.com>
+
+ Patch by: Ryan Lortie (desrt) <desrt at destr dot ca>
+
+ * gst/avi/gstavidemux.c: (gst_avi_demux_parse_superindex),
+ (gst_avi_demux_parse_stream), (gst_avi_demux_parse_index),
+ (gst_avi_demux_stream_header):
+ Fix some crashers with empty chunks. (Fixes #337749)
+
2006-04-09 Sebastien Moutte <sebastien@moutte.net>
* gst/level/gstlevel.c: (gst_level_set_caps),(gst_level_transform_ip):
diff --git a/gst/avi/gstavidemux.c b/gst/avi/gstavidemux.c
index e4d78c3d..ff2f237f 100644
--- a/gst/avi/gstavidemux.c
+++ b/gst/avi/gstavidemux.c
@@ -724,7 +724,7 @@ static gboolean
gst_avi_demux_parse_superindex (GstElement * element,
GstBuffer * buf, guint64 ** _indexes)
{
- guint8 *data = GST_BUFFER_DATA (buf);
+ guint8 *data;
gint bpe = 16, num, i;
guint64 *indexes;
@@ -733,9 +733,11 @@ gst_avi_demux_parse_superindex (GstElement * element,
if (buf == NULL)
goto no_buffer;
- if (!buf || GST_BUFFER_SIZE (buf) < 24)
+ if (GST_BUFFER_SIZE (buf) < 24)
goto too_small;
+ data = GST_BUFFER_DATA (buf);
+
/* check type of index. The opendml2 specs state that
* there should be 4 dwords per array entry. Type can be
* either frame or field (and we don't care). */
@@ -1031,6 +1033,7 @@ gst_avi_demux_parse_stream (GstElement * element, GstBuffer * buf)
/* read strd/strn */
while (gst_riff_parse_chunk (element, buf, &offset, &tag, &sub)) {
+ /* sub can be NULL if the chunk is empty */
switch (tag) {
case GST_RIFF_TAG_strd:
if (stream->initdata)
@@ -1039,11 +1042,15 @@ gst_avi_demux_parse_stream (GstElement * element, GstBuffer * buf)
break;
case GST_RIFF_TAG_strn:
g_free (stream->name);
- stream->name = g_new (gchar, GST_BUFFER_SIZE (sub) + 1);
- memcpy (stream->name, GST_BUFFER_DATA (sub), GST_BUFFER_SIZE (sub));
- stream->name[GST_BUFFER_SIZE (sub)] = '\0';
- gst_buffer_unref (sub);
- sub = NULL;
+ if (sub != NULL) {
+ stream->name = g_new (gchar, GST_BUFFER_SIZE (sub) + 1);
+ memcpy (stream->name, GST_BUFFER_DATA (sub), GST_BUFFER_SIZE (sub));
+ stream->name[GST_BUFFER_SIZE (sub)] = '\0';
+ gst_buffer_unref (sub);
+ sub = NULL;
+ } else {
+ stream->name = g_strdup ("");
+ }
break;
default:
if (tag == GST_MAKE_FOURCC ('i', 'n', 'd', 'x') ||
@@ -1058,8 +1065,10 @@ gst_avi_demux_parse_stream (GstElement * element, GstBuffer * buf)
GST_FOURCC_ARGS (tag));
/* fall-through */
case GST_RIFF_TAG_JUNK:
- gst_buffer_unref (sub);
- sub = NULL;
+ if (sub != NULL) {
+ gst_buffer_unref (sub);
+ sub = NULL;
+ }
break;
}
}
@@ -2075,13 +2084,15 @@ gst_avi_demux_stream_header (GstAviDemux * avi)
/* now, read the elements from the header until the end */
while (gst_riff_parse_chunk (GST_ELEMENT (avi), buf, &offset, &tag, &sub)) {
+ /* sub can be NULL on empty tags */
+ if (!sub)
+ continue;
+
switch (tag) {
case GST_RIFF_TAG_LIST:
- if (!sub || GST_BUFFER_SIZE (sub) < 4) {
- if (sub) {
- gst_buffer_unref (sub);
- sub = NULL;
- }
+ if (GST_BUFFER_SIZE (sub) < 4) {
+ gst_buffer_unref (sub);
+ sub = NULL;
break;
}
@@ -2100,10 +2111,8 @@ gst_avi_demux_stream_header (GstAviDemux * avi)
GST_FOURCC_ARGS (GST_READ_UINT32_LE (GST_BUFFER_DATA (sub))));
/* fall-through */
case GST_RIFF_TAG_JUNK:
- if (sub) {
- gst_buffer_unref (sub);
- sub = NULL;
- }
+ gst_buffer_unref (sub);
+ sub = NULL;
break;
}
break;
@@ -2113,10 +2122,8 @@ gst_avi_demux_stream_header (GstAviDemux * avi)
offset, GST_FOURCC_ARGS (tag));
/* fall-through */
case GST_RIFF_TAG_JUNK:
- if (sub) {
- gst_buffer_unref (sub);
- sub = NULL;
- }
+ gst_buffer_unref (sub);
+ sub = NULL;
break;
}
}
generated by cgit (git 2.34.1) at 2025-06-14 18:22:00 +0000