matroskamux: fix possible crash with malformed dirac codec_data

author René Stadler <rene.stadler@collabora.co.uk>

Tue, 11 Oct 2011 20:10:27 +0000 (22:10 +0200)

committer René Stadler <rene.stadler@collabora.co.uk>

Fri, 21 Oct 2011 20:41:57 +0000 (22:41 +0200)
author René Stadler <rene.stadler@collabora.co.uk>
Tue, 11 Oct 2011 20:10:27 +0000 (22:10 +0200)
committer René Stadler <rene.stadler@collabora.co.uk>
Fri, 21 Oct 2011 20:41:57 +0000 (22:41 +0200)
diff --git a/gst/matroska/matroska-mux.c b/gst/matroska/matroska-mux.c

index b0ff579..5204b39 100644 (file)
--- a/gst/matroska/matroska-mux.c
+++ b/gst/matroska/matroska-mux.c
@@ -2594,7 +2594,7 @@ gst_matroska_mux_handle_dirac_packet (GstMatroskaMux * mux,
  
      next_parse_offset = GST_READ_UINT32_BE (data + 5);
  
-    if (G_UNLIKELY (next_parse_offset == 0))
+    if (G_UNLIKELY (next_parse_offset == 0 || next_parse_offset > size))
        break;
  
      data += next_parse_offset;
author	René Stadler <rene.stadler@collabora.co.uk>
	Tue, 11 Oct 2011 20:10:27 +0000 (22:10 +0200)
committer	René Stadler <rene.stadler@collabora.co.uk>
	Fri, 21 Oct 2011 20:41:57 +0000 (22:41 +0200)