diff --git a/subprojects/gst-plugins-good/gst/audioparsers/gstflacparse.c b/subprojects/gst-plugins-good/gst/audioparsers/gstflacparse.c index 8ee450c65a..89af1d7795 100644 --- a/subprojects/gst-plugins-good/gst/audioparsers/gstflacparse.c +++ b/subprojects/gst-plugins-good/gst/audioparsers/gstflacparse.c @@ -652,13 +652,15 @@ static gboolean gst_flac_parse_frame_is_valid (GstFlacParse * flacparse, const guint8 * data, gsize size, guint * ret) { - guint max, remaining; + guint max; guint i, search_start, search_end; FrameHeaderCheckReturn header_ret; guint16 block_size; gboolean suspect_start = FALSE, suspect_end = FALSE; - if (size < flacparse->min_framesize) + /* minimum frame header size is 5 bytes and we read that much + * without checking the size below */ + if (size < MAX (flacparse->min_framesize, 5)) goto need_more; header_ret = @@ -673,15 +675,14 @@ gst_flac_parse_frame_is_valid (GstFlacParse * flacparse, /* mind unknown framesize */ search_start = MAX (2, flacparse->min_framesize); + + /* at minimum 5 bytes are read below so stop 5 bytes before the end. + * we also checked above that at least 5 bytes are available. */ + search_end = size - 5; if (flacparse->max_framesize) - search_end = MIN (size, flacparse->max_framesize + 9 + 2); - else - search_end = size; - search_end -= 2; + search_end = MIN (search_end, flacparse->max_framesize + 9 + 2); - remaining = size; - - for (i = search_start; i < search_end; i++, remaining--) { + for (i = search_start; i < search_end; i++) { if ((GST_READ_UINT16_BE (data + i) & 0xfffe) != 0xfff8) continue; @@ -690,7 +691,7 @@ gst_flac_parse_frame_is_valid (GstFlacParse * flacparse, suspect_end = FALSE; header_ret = gst_flac_parse_frame_header_is_valid (flacparse, data + i, - remaining, FALSE, NULL, &suspect_end); + size - i, FALSE, NULL, &suspect_end); if (header_ret == FRAME_HEADER_VALID) { if (flacparse->check_frame_checksums || suspect_start || suspect_end) { guint16 actual_crc = gst_flac_calculate_crc16 (data, i - 2);