matroskademux: Verify lace size in _parse_blockgroup_or_simpleblock

author Philip Jägenstedt <philipj@opera.com>

Thu, 13 May 2010 10:10:54 +0000 (12:10 +0200)

committer Sebastian Dröge <sebastian.droege@collabora.co.uk>

Wed, 19 May 2010 18:35:52 +0000 (20:35 +0200)
author Philip Jägenstedt <philipj@opera.com>
Thu, 13 May 2010 10:10:54 +0000 (12:10 +0200)
committer Sebastian Dröge <sebastian.droege@collabora.co.uk>
Wed, 19 May 2010 18:35:52 +0000 (20:35 +0200)
diff --git a/gst/matroska/matroska-demux.c b/gst/matroska/matroska-demux.c

index 0dfd941..8478893 100644 (file)
--- a/gst/matroska/matroska-demux.c
+++ b/gst/matroska/matroska-demux.c
@@ -4636,6 +4636,11 @@ gst_matroska_demux_parse_blockgroup_or_simpleblock (GstMatroskaDemux * demux,
      for (n = 0; n < laces; n++) {
        GstBuffer *sub;
  
+      if (G_UNLIKELY (lace_size[n] > size)) {
+        GST_WARNING_OBJECT (demux, "Invalid lace size");
+        break;
+      }
+
        sub = gst_buffer_create_sub (buf,
            GST_BUFFER_SIZE (buf) - size, lace_size[n]);
        GST_DEBUG_OBJECT (demux, "created subbuffer %p", sub);
author	Philip Jägenstedt <philipj@opera.com>
	Thu, 13 May 2010 10:10:54 +0000 (12:10 +0200)
committer	Sebastian Dröge <sebastian.droege@collabora.co.uk>
	Wed, 19 May 2010 18:35:52 +0000 (20:35 +0200)