typefindfunctions: Bail out on huge EBML chunks

author Edward Hervey <edward@centricular.com>

Fri, 6 Jul 2018 11:48:09 +0000 (13:48 +0200)

committer Edward Hervey <bilboed@bilboed.com>

Fri, 6 Jul 2018 11:48:09 +0000 (13:48 +0200)
author Edward Hervey <edward@centricular.com>
Fri, 6 Jul 2018 11:48:09 +0000 (13:48 +0200)
committer Edward Hervey <bilboed@bilboed.com>
Fri, 6 Jul 2018 11:48:09 +0000 (13:48 +0200)
diff --git a/gst/typefind/gsttypefindfunctions.c b/gst/typefind/gsttypefindfunctions.c

index b260999dbf0d5427efe7fed476abb8fcfdf0b43a..8d3b6fd45507954ea67162168b2a8c490a589105 100644 (file)
--- a/gst/typefind/gsttypefindfunctions.c
+++ b/gst/typefind/gsttypefindfunctions.c
@@ -4388,6 +4388,11 @@ ebml_parse_chunk (GstTypeFind * tf, DataScanCtx * ctx, guint32 chunk_id,
          SPACES + sizeof (SPACES) - 1 - (2 * depth), id, element_size,
          hdr_len + element_size);
  
+    if (element_size >= G_MAXUINT32) {
+      GST_DEBUG ("Chunk too big for typefinding");
+      return FALSE;
+    }
+
      if (!data_scan_ctx_ensure_data (tf, &c, element_size)) {
        GST_DEBUG ("not enough data");
        return FALSE;
author	Edward Hervey <edward@centricular.com>
	Fri, 6 Jul 2018 11:48:09 +0000 (13:48 +0200)
committer	Edward Hervey <bilboed@bilboed.com>
	Fri, 6 Jul 2018 11:48:09 +0000 (13:48 +0200)