Skip to content

Commit d21017b

Browse files
committed
asfdemux: Check that we have enough data available before parsing bool/uint extended content descriptors
https://bugzilla.gnome.org/show_bug.cgi?id=777955
1 parent dec8800 commit d21017b

File tree

1 file changed

+12
-2
lines changed

1 file changed

+12
-2
lines changed

Diff for: gst/asfdemux/gstasfdemux.c

+12-2
Original file line numberDiff line numberDiff line change
@@ -3439,7 +3439,12 @@ gst_asf_demux_process_ext_content_desc (GstASFDemux * demux, guint8 * data,
34393439
break;
34403440
}
34413441
case ASF_DEMUX_DATA_TYPE_DWORD:{
3442-
guint uint_val = GST_READ_UINT32_LE (value);
3442+
guint uint_val;
3443+
3444+
if (value_len < 4)
3445+
break;
3446+
3447+
uint_val = GST_READ_UINT32_LE (value);
34433448

34443449
/* this is the track number */
34453450
g_value_init (&tag_value, G_TYPE_UINT);
@@ -3453,7 +3458,12 @@ gst_asf_demux_process_ext_content_desc (GstASFDemux * demux, guint8 * data,
34533458
}
34543459
/* Detect 3D */
34553460
case ASF_DEMUX_DATA_TYPE_BOOL:{
3456-
gboolean bool_val = GST_READ_UINT32_LE (value);
3461+
gboolean bool_val;
3462+
3463+
if (value_len < 4)
3464+
break;
3465+
3466+
bool_val = GST_READ_UINT32_LE (value);
34573467

34583468
if (strncmp ("Stereoscopic", name_utf8, strlen (name_utf8)) == 0) {
34593469
if (bool_val) {

0 commit comments

Comments
 (0)