From: Reynaldo H. Verdejo Pinochet Date: Wed, 19 Feb 2014 16:56:37 +0000 (-0300) Subject: aacparse: be more strict at ADTS header parsing X-Git-Tag: 1.3.1~215 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=0898de65c8605f8d4a05c0ca8d1d484c328965e1;p=platform%2Fupstream%2Fgst-plugins-good.git aacparse: be more strict at ADTS header parsing Adds two extra checks: - Sampling frequency on header can't be 15. - Frame size should be at least 9 or 7, depending on whether CRC protection is present. https://bugzilla.gnome.org/show_bug.cgi?id=724638 --- diff --git a/gst/audioparsers/gstaacparse.c b/gst/audioparsers/gstaacparse.c index 901d4f0..f693097 100644 --- a/gst/audioparsers/gstaacparse.c +++ b/gst/audioparsers/gstaacparse.c @@ -387,13 +387,22 @@ gst_aac_parse_check_adts_frame (GstAacParse * aacparse, const guint8 * data, const guint avail, gboolean drain, guint * framesize, guint * needed_data) { + guint crc_size; + *needed_data = 0; - if (G_UNLIKELY (avail < 2)) + /* Absolute minimum to perform the ADTS syncword, + layer and sampling frequency tests */ + if (G_UNLIKELY (avail < 3)) return FALSE; + /* Syncword and layer tests */ if ((data[0] == 0xff) && ((data[1] & 0xf6) == 0xf0)) { + /* Sampling frequency test */ + if (G_UNLIKELY ((data[2] & 0x3C) >> 2 == 15)) + return FALSE; + /* This looks like an ADTS frame header but we need at least 6 bytes to proceed */ if (G_UNLIKELY (avail < 6)) { @@ -403,6 +412,14 @@ gst_aac_parse_check_adts_frame (GstAacParse * aacparse, *framesize = gst_aac_parse_adts_get_frame_len (data); + /* If frame has CRC, it needs 2 bytes + for it at the end of the header */ + crc_size = (data[1] & 0x01) ? 0 : 2; + + /* CRC size test */ + if (*framesize < 7 + crc_size) + return FALSE; + /* In EOS mode this is enough. No need to examine the data further. We also relax the check when we have sync, on the assumption that if we're not looking at random data, we have a much higher chance