projects / platform / upstream / gst-plugins-good.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 7a6752a)
qtdemux: sanity check number of segments in edit list
authorTim-Philipp Müller <tim@centricular.com>
Mon, 30 Jan 2017 20:20:08 +0000 (20:20 +0000)
committerTim-Philipp Müller <tim@centricular.com>
Tue, 31 Jan 2017 20:46:41 +0000 (20:46 +0000)
Fixes crash with fuzzed file.

https://bugzilla.gnome.org/show_bug.cgi?id=777940

gst/isomp4/qtdemux.c patch | blob | history

diff --git a/gst/isomp4/qtdemux.c b/gst/isomp4/qtdemux.c
index 3e2ef06..2d9cc2a 100644 (file)
--- a/gst/isomp4/qtdemux.c
+++ b/gst/isomp4/qtdemux.c
@@ -8772,7 +8772,7 @@ qtdemux_parse_segments (GstQTDemux * qtdemux, QtDemuxStream * stream,
 
     n_segments = QT_UINT32 (buffer + 12);
 
-    if (size < 16 + n_segments * entry_size) {
+    if (n_segments > 100000 || size < 16 + n_segments * entry_size) {
       GST_WARNING_OBJECT (qtdemux, "Invalid edit list");
       goto done;
     }
Domain: Multimedia / Media Common;