From 2657fc1fdd5ea761889c427188d5ae34d5fd9ca1 Mon Sep 17 00:00:00 2001
From: Edward Hervey
Date: Fri, 6 Jul 2018 13:48:09 +0200
Subject: [PATCH] typefindfunctions: Bail out on huge EBML chunks

We can't handle/store more than guint32 anyway
---
 gst/typefind/gsttypefindfunctions.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/gst/typefind/gsttypefindfunctions.c b/gst/typefind/gsttypefindfunctions.c
index b260999dbf..8d3b6fd455 100644
--- a/gst/typefind/gsttypefindfunctions.c
+++ b/gst/typefind/gsttypefindfunctions.c
@@ -4388,6 +4388,11 @@ ebml_parse_chunk (GstTypeFind * tf, DataScanCtx * ctx, guint32 chunk_id,
 SPACES + sizeof (SPACES) - 1 - (2 * depth), id, element_size,
 hdr_len + element_size);

+ if (element_size >= G_MAXUINT32) {
+ GST_DEBUG ("Chunk too big for typefinding");
+ return FALSE;
+ }
+
 if (!data_scan_ctx_ensure_data (tf, &c, element_size)) {
 GST_DEBUG ("not enough data");
 return FALSE;
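Review bot: The added guard in ebml_parse_chunk bounds `element_size` alone, so a file-supplied size just under G_MAXUINT32 still reaches `data_scan_ctx_ensure_data (tf, &c, element_size)` and any later use of `hdr_len + element_size`, the sum already computed in the debug call just above. The callee's prototype and the later arithmetic are outside the hunk, but if the length parameter is signed or the sum is kept in a guint32, values above G_MAXINT or sums past 32 bits would be converted or wrapped silently. Consider bounding the sum against the narrowest type used downstream, e.g. `if (element_size >= G_MAXUINT32 - hdr_len) {`, assuming both operands are unsigned and `hdr_len` is small. A short comment such as `/* element_size is read from the stream; sizes below are held in 32 bits */` would record why the limit exists. The function body begins and ends outside this hunk.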