gst/id3demux/id3v2frames.c: Never trust ANY information encoded in a media file,...

Original commit message from CVS:
* gst/id3demux/id3v2frames.c: (id3demux_id3v2_parse_frame):
Never trust ANY information encoded in a media file, especially
when it's giving you sizes. (Fixes #328452)

diff --git a/ChangeLog b/ChangeLog
index 4bee558b01ba52b1549cdae87631c639cdbaea79..a05348a7cc3dba9cd21457c325e25d49b8949a76 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+2006-01-25  Jan Schmidt  <thaytan@mad.scientist.com>
+
+       * gst/id3demux/id3v2frames.c: (id3demux_id3v2_parse_frame):
+       Never trust ANY information encoded in a media file, especially
+       when it's giving you sizes. (Fixes #328452)
+
 2006-01-24  Edgard Lima <edgard.lima@indt.org.br>
 
        * gst/rtp/gstrtpg711pay.c:

diff --git a/gst/id3demux/id3v2frames.c b/gst/id3demux/id3v2frames.c
index 0bc48e1db5fbc8ee19a17fa2d9f002d269ae34f9..c4c41ff00d210502749c4f0efb477104fc348202 100644 (file)
--- a/gst/id3demux/id3v2frames.c
+++ b/gst/id3demux/id3v2frames.c
@@ -95,6 +95,11 @@ id3demux_id3v2_parse_frame (ID3TagsWorking * work)
     work->parse_size = read_synch_uint (frame_data, 4);
     frame_data += 4;
     frame_data_size -= 4;
+    if (work->parse_size < frame_data_size) {
+      GST_WARNING ("ID3v2 frame %s has invalid size %d.", tag_name,
+          frame_data_size);
+      return FALSE;
+    }
   } else
     work->parse_size = frame_data_size;
 
@@ -113,6 +118,12 @@ id3demux_id3v2_parse_frame (ID3TagsWorking * work)
       g_free (work->parse_data);
       return FALSE;
     }
+    if (destSize != work->parse_size) {
+      GST_WARNING
+          ("Decompressing ID3v2 frame %s did not produce expected size %d bytes (got %d)",
+          tag_name, work->parse_data, destSize);
+      return FALSE;
+    }
 #else
     GST_WARNING ("Compressed ID3v2 tag frame could not be decompressed"
         " because gstid3demux was compiled without zlib support");