pngenc: validate input buffer size

author René Stadler <mail@renestadler.de>

Sun, 16 Oct 2011 17:44:27 +0000 (19:44 +0200)

committer René Stadler <rene.stadler@collabora.co.uk>

Fri, 21 Oct 2011 08:25:51 +0000 (10:25 +0200)
author René Stadler <mail@renestadler.de>
Sun, 16 Oct 2011 17:44:27 +0000 (19:44 +0200)
committer René Stadler <rene.stadler@collabora.co.uk>
Fri, 21 Oct 2011 08:25:51 +0000 (10:25 +0200)
diff --git a/ext/libpng/gstpngenc.c b/ext/libpng/gstpngenc.c

index 21ab564..e59da9b 100644 (file)
--- a/ext/libpng/gstpngenc.c
+++ b/ext/libpng/gstpngenc.c
@@ -271,6 +271,14 @@ gst_pngenc_chain (GstPad * pad, GstBuffer * buf)
  
    GST_DEBUG_OBJECT (pngenc, "BEGINNING");
  
+  if (G_UNLIKELY (GST_BUFFER_SIZE (buf) < pngenc->height * pngenc->stride)) {
+    gst_buffer_unref (buf);
+    GST_ELEMENT_ERROR (pngenc, STREAM, FORMAT, (NULL),
+        ("Provided input buffer is too small, caps problem?"));
+    ret = GST_FLOW_ERROR;
+    goto done;
+  }
+
    /* initialize png struct stuff */
    pngenc->png_struct_ptr = png_create_write_struct (PNG_LIBPNG_VER_STRING,
        (png_voidp) NULL, user_error_fn, user_warning_fn);
author	René Stadler <mail@renestadler.de>
	Sun, 16 Oct 2011 17:44:27 +0000 (19:44 +0200)
committer	René Stadler <rene.stadler@collabora.co.uk>
	Fri, 21 Oct 2011 08:25:51 +0000 (10:25 +0200)