apply cve patch for security weakness

author Sejun Park <sejun79.park@samsung.com>

Thu, 1 Jun 2017 06:09:02 +0000 (15:09 +0900)

committer Sejun Park <sejun79.park@samsung.com>

Thu, 1 Jun 2017 06:17:32 +0000 (15:17 +0900)
author Sejun Park <sejun79.park@samsung.com>
Thu, 1 Jun 2017 06:09:02 +0000 (15:09 +0900)
committer Sejun Park <sejun79.park@samsung.com>
Thu, 1 Jun 2017 06:17:32 +0000 (15:17 +0900)
diff --git a/gst/asfdemux/gstasfdemux.c b/gst/asfdemux/gstasfdemux.c

index 4bf0619..2db00d2 100644 (file)
--- a/gst/asfdemux/gstasfdemux.c
+++ b/gst/asfdemux/gstasfdemux.c
@@ -3203,7 +3203,12 @@ gst_asf_demux_process_ext_content_desc (GstASFDemux * demux, guint8 * data,
            break;
          }
          case ASF_DEMUX_DATA_TYPE_DWORD:{
-          guint uint_val = GST_READ_UINT32_LE (value);
+          guint uint_val;
+
+          if (value_len < 4)
+            break;
+
+          uint_val = GST_READ_UINT32_LE (value);
  
            /* this is the track number */
            g_value_init (&tag_value, G_TYPE_UINT);
@@ -3217,7 +3222,12 @@ gst_asf_demux_process_ext_content_desc (GstASFDemux * demux, guint8 * data,
          }
            /* Detect 3D */
          case ASF_DEMUX_DATA_TYPE_BOOL:{
-          gboolean bool_val = GST_READ_UINT32_LE (value);
+          gboolean bool_val;
+
+          if (value_len < 4)
+            break;
+
+          bool_val = GST_READ_UINT32_LE (value);
  
            if (strncmp ("Stereoscopic", name_utf8, strlen (name_utf8)) == 0) {
              if (bool_val) {
author	Sejun Park <sejun79.park@samsung.com>
	Thu, 1 Jun 2017 06:09:02 +0000 (15:09 +0900)
committer	Sejun Park <sejun79.park@samsung.com>
	Thu, 1 Jun 2017 06:17:32 +0000 (15:17 +0900)