summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--ChangeLog6
-rw-r--r--gst/id3demux/id3v2frames.c11
2 files changed, 17 insertions, 0 deletions
diff --git a/ChangeLog b/ChangeLog
index 4bee558b..a05348a7 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+2006-01-25 Jan Schmidt <thaytan@mad.scientist.com>
+
+ * gst/id3demux/id3v2frames.c: (id3demux_id3v2_parse_frame):
+ Never trust ANY information encoded in a media file, especially
+ when it's giving you sizes. (Fixes #328452)
+
2006-01-24 Edgard Lima <edgard.lima@indt.org.br>
* gst/rtp/gstrtpg711pay.c:
diff --git a/gst/id3demux/id3v2frames.c b/gst/id3demux/id3v2frames.c
index 0bc48e1d..c4c41ff0 100644
--- a/gst/id3demux/id3v2frames.c
+++ b/gst/id3demux/id3v2frames.c
@@ -95,6 +95,11 @@ id3demux_id3v2_parse_frame (ID3TagsWorking * work)
work->parse_size = read_synch_uint (frame_data, 4);
frame_data += 4;
frame_data_size -= 4;
+ if (work->parse_size < frame_data_size) {
+ GST_WARNING ("ID3v2 frame %s has invalid size %d.", tag_name,
+ frame_data_size);
+ return FALSE;
+ }
} else
work->parse_size = frame_data_size;
@@ -113,6 +118,12 @@ id3demux_id3v2_parse_frame (ID3TagsWorking * work)
g_free (work->parse_data);
return FALSE;
}
+ if (destSize != work->parse_size) {
+ GST_WARNING
+ ("Decompressing ID3v2 frame %s did not produce expected size %d bytes (got %d)",
+ tag_name, work->parse_data, destSize);
+ return FALSE;
+ }
#else
GST_WARNING ("Compressed ID3v2 tag frame could not be decompressed"
" because gstid3demux was compiled without zlib support");
generated by cgit (git 2.34.1) at 2025-07-18 10:24:12 +0000