FaSTTUBe/GST-Tensordecoder-ov_ep
37
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

riff: prevent crash if rounded up tag size exceeds data size

Browse Source 
When rounding up `tsize' exceeds the remaining buffer size, `size' underflows
and an invalid read past the buffer data follows.
This commit is contained in:
René Stadler 2009-06-27 00:50:54 +03:00
parent 939baee2bd
commit 41b7504e9c
1 changed files with 4 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
gst-libs/gst/riff/riff-read.c
View File

@ -728,8 +728,11 @@ gst_riff_parse_info (GstElement * element,
} }
} }
if (tsize & 1) if (tsize & 1) {
tsize++; tsize++;
if (tsize > size)
tsize = size;
}
data += tsize; data += tsize;
size -= tsize; size -= tsize;