wavparse: clip chunk size above the valid maximum (0x7fffffff)

author Vincent Penquerc'h <vincent.penquerch@collabora.co.uk>

Fri, 20 Mar 2015 12:18:37 +0000 (12:18 +0000)

committer Vincent Penquerc'h <vincent.penquerch@collabora.co.uk>

Tue, 7 Apr 2015 11:12:44 +0000 (12:12 +0100)
author Vincent Penquerc'h <vincent.penquerch@collabora.co.uk>
Fri, 20 Mar 2015 12:18:37 +0000 (12:18 +0000)
committer Vincent Penquerc'h <vincent.penquerch@collabora.co.uk>
Tue, 7 Apr 2015 11:12:44 +0000 (12:12 +0100)
diff --git a/gst/wavparse/gstwavparse.c b/gst/wavparse/gstwavparse.c

index 35562a81bca0acc341dff8c3e6827c4ed31c284f..b0e34231ae5dcffcd714a2f4062ef3cbd25895a6 100644 (file)
--- a/gst/wavparse/gstwavparse.c
+++ b/gst/wavparse/gstwavparse.c
@@ -1264,6 +1264,12 @@ gst_wavparse_stream_headers (GstWavParse * wav)
          "Got TAG: %" GST_FOURCC_FORMAT ", offset %" G_GUINT64_FORMAT ", size %"
          G_GUINT32_FORMAT, GST_FOURCC_ARGS (tag), wav->offset, size);
  
          "Got TAG: %" GST_FOURCC_FORMAT ", offset %" G_GUINT64_FORMAT ", size %"
          G_GUINT32_FORMAT, GST_FOURCC_ARGS (tag), wav->offset, size);
  
+    /* Maximum valid size is INT_MAX */
+    if (size & 0x80000000) {
+      GST_WARNING_OBJECT (wav, "Invalid size, clipping to 0x7fffffff");
+      size = 0x7fffffff;
+    }
+
      /* Clip to upstream size if known */
      if (wav->datasize > 0 && size + wav->offset > wav->datasize) {
        GST_WARNING_OBJECT (wav, "Clipping chunk size to file size");
      /* Clip to upstream size if known */
      if (wav->datasize > 0 && size + wav->offset > wav->datasize) {
        GST_WARNING_OBJECT (wav, "Clipping chunk size to file size");
author	Vincent Penquerc'h <vincent.penquerch@collabora.co.uk>
	Fri, 20 Mar 2015 12:18:37 +0000 (12:18 +0000)
committer	Vincent Penquerc'h <vincent.penquerch@collabora.co.uk>
	Tue, 7 Apr 2015 11:12:44 +0000 (12:12 +0100)