From 322baf19c80857f1f2b016ec6bf043d09c67d154 Mon Sep 17 00:00:00 2001
From: David Schleef <ds@schleef.org>
Date: Thu, 24 Jul 2003 08:49:42 +0000
Subject: Add buffer length checks to every typefinding function

Original commit message from CVS:
Add buffer length checks to every typefinding function
---
 gst/auparse/gstauparse.c | 3 +++
 gst/avi/gstavidemux.c    | 3 +++
 2 files changed, 6 insertions(+)

(limited to 'gst')

diff --git a/gst/auparse/gstauparse.c b/gst/auparse/gstauparse.c
index 82f802f1..9942fd7b 100644
--- a/gst/auparse/gstauparse.c
+++ b/gst/auparse/gstauparse.c
@@ -47,6 +47,9 @@ au_type_find (GstBuffer *buf, gpointer private)
   GstCaps *new = NULL;
   gulong *head = (gulong *) GST_BUFFER_DATA (buf);
 
+  if (GST_BUFFER_SIZE (buf) < 4)
+    return NULL;
+
   if (*head == 0x2e736e64 || *head == 0x646e732e)
     new = gst_caps_new ("au_type_find", "audio/au", NULL);
 
diff --git a/gst/avi/gstavidemux.c b/gst/avi/gstavidemux.c
index 8beea334..bb2abe5e 100644
--- a/gst/avi/gstavidemux.c
+++ b/gst/avi/gstavidemux.c
@@ -181,6 +181,9 @@ avi_type_find (GstBuffer *buf,
 
   GST_DEBUG ("avi_demux: typefind");
 
+  if (GST_BUFFER_SIZE (buf) < 12)
+    return NULL;
+
   if (GUINT32_FROM_LE (((guint32 *)data)[0]) != GST_RIFF_TAG_RIFF)
     return NULL;
   if (GUINT32_FROM_LE (((guint32 *)data)[2]) != GST_RIFF_RIFF_AVI)
-- 
cgit