From 73c1153f52dc109a1ee5d6eb3be9a4e41c5c3bde Mon Sep 17 00:00:00 2001
From: Jan Schmidt
Date: Wed, 25 Jan 2006 18:23:05 +0000
Subject: [PATCH] gst/id3demux/id3v2frames.c: Never trust ANY information encoded in a media file, especially when it's giving you size...
Original commit message from CVS:
* gst/id3demux/id3v2frames.c: (id3demux_id3v2_parse_frame): Never trust ANY information encoded in a media file, especially when it's giving you sizes. (Fixes #328452)
---
 ChangeLog | 6 ++++++
 gst/id3demux/id3v2frames.c | 11 +++++++++++
 2 files changed, 17 insertions(+)
diff --git a/ChangeLog b/ChangeLog
index 4bee558b01..a05348a7cc 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+2006-01-25 Jan Schmidt
+
+ * gst/id3demux/id3v2frames.c: (id3demux_id3v2_parse_frame):
+ Never trust ANY information encoded in a media file, especially
+ when it's giving you sizes. (Fixes #328452)
+
 2006-01-24 Edgard Lima
 * gst/rtp/gstrtpg711pay.c:
diff --git a/gst/id3demux/id3v2frames.c b/gst/id3demux/id3v2frames.c
index 0bc48e1db5..c4c41ff00d 100644
--- a/gst/id3demux/id3v2frames.c
+++ b/gst/id3demux/id3v2frames.c
@@ -95,6 +95,11 @@ id3demux_id3v2_parse_frame (ID3TagsWorking * work)
 work->parse_size = read_synch_uint (frame_data, 4);
 frame_data += 4;
 frame_data_size -= 4;
+ if (work->parse_size < frame_data_size) {
+ GST_WARNING ("ID3v2 frame %s has invalid size %d.", tag_name,
+ frame_data_size);
+ return FALSE;
+ }
 } else
 work->parse_size = frame_data_size;
@@ -113,6 +118,12 @@ id3demux_id3v2_parse_frame (ID3TagsWorking * work)
 g_free (work->parse_data);
 return FALSE;
 }
+ if (destSize != work->parse_size) {
+ GST_WARNING
+ ("Decompressing ID3v2 frame %s did not produce expected size %d bytes (got %d)",
+ tag_name, work->parse_data, destSize);
+ return FALSE;
+ }
 #else
 GST_WARNING ("Compressed ID3v2 tag frame could not be decompressed"
 " because gstid3demux was compiled without zlib support");
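Review bot: In the first id3v2frames.c hunk, the 4-byte data-length indicator is read with `read_synch_uint (frame_data, 4)` and `frame_data_size -= 4` before anything visible confirms that at least four bytes remain, so a truncated frame could read past the frame data and, if `frame_data_size` is unsigned, wrap the remaining size. Unless a check above the hunk already guarantees this, add `if (frame_data_size <= 4) return FALSE;` ahead of the read. The new test also only bounds `work->parse_size` from below; the value still comes from the file, and if it sizes the decompression buffer later in the function (outside this hunk) it deserves an upper cap as well. The warning would be more useful if it printed `work->parse_size`, the value being rejected, rather than `frame_data_size`.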
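Review bot: In the second id3v2frames.c hunk, the new `GST_WARNING` passes `work->parse_data` for the first `%d`, but the context line `g_free (work->parse_data)` shows that is the buffer pointer; the expected size is `work->parse_size`, and a pointer passed for `%d` is a format/argument mismatch. The added `return FALSE` also leaves without freeing the buffer, unlike the failure path just above it, so each crafted frame that decompresses to an unexpected length leaks one allocation. Suggested: `tag_name, work->parse_size, destSize);` and `g_free (work->parse_data);` before `return FALSE;`. The types of `destSize` and `parse_size` are declared outside the hunk, so the `%d` specifiers should be checked against them too.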