From: Martin Theriault Date: Mon, 15 Jul 2019 19:48:08 +0000 (-0400) Subject: aiff: Fix infinite loop in header parsing. X-Git-Tag: 1.16.2~64 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=a01f03dd9551a1f632de52bc62b13509cdd809e3;p=platform%2Fupstream%2Fgst-plugins-bad.git aiff: Fix infinite loop in header parsing.
---
diff --git a/gst/aiff/aiffparse.c b/gst/aiff/aiffparse.c
index b1b1167..8543b0e 100644
--- a/gst/aiff/aiffparse.c
+++ b/gst/aiff/aiffparse.c
@@ -643,14 +643,17 @@ gst_aiff_parse_calculate_duration (GstAiffParse * aiff)
 return FALSE;
 }

-static void
+static gboolean
 gst_aiff_parse_ignore_chunk (GstAiffParse * aiff, guint32 tag, guint32 size)
 {
 guint flush;

 if (aiff->streaming) {
- if (!gst_aiff_parse_peek_chunk (aiff, &tag, &size))
- return;
+ if (!gst_aiff_parse_peek_chunk (aiff, &tag, &size)) {
+ GST_LOG_OBJECT (aiff, "Not enough data to skip tag %" GST_FOURCC_FORMAT,
+ GST_FOURCC_ARGS (tag));
+ return FALSE;
+ }
 }
 GST_WARNING_OBJECT (aiff, "Ignoring tag %" GST_FOURCC_FORMAT,
 GST_FOURCC_ARGS (tag));
@@ -659,6 +662,7 @@ gst_aiff_parse_ignore_chunk (GstAiffParse * aiff, guint32 tag, guint32 size)
 if (aiff->streaming) {
 gst_adapter_flush (aiff->adapter, flush);
 }
+ return TRUE;
 }

 static double
@@ -1116,11 +1120,15 @@ gst_aiff_parse_stream_headers (GstAiffParse * aiff)
 }
 case GST_MAKE_FOURCC ('C', 'H', 'A', 'N'):{
 GST_FIXME_OBJECT (aiff, "Handle CHAN chunk with channel layouts");
- gst_aiff_parse_ignore_chunk (aiff, tag, size);
+ if (!gst_aiff_parse_ignore_chunk (aiff, tag, size)) {
+ return GST_FLOW_OK;
+ }
 break;
 }
 default:
- gst_aiff_parse_ignore_chunk (aiff, tag, size);
+ if (!gst_aiff_parse_ignore_chunk (aiff, tag, size)) {
+ return GST_FLOW_OK;
+ }
 }

 buf = NULL;
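Review bot: gst_aiff_parse_ignore_chunk now returns a gboolean, but nothing above the definition says what FALSE means, and callers need that contract to tell "retry later" from "chunk skipped". I would add `/* Returns FALSE only in streaming mode, when the chunk is not fully buffered yet; nothing is flushed in that case. */` before `static gboolean`. The early `return FALSE` does come before the `gst_adapter_flush` call visible in the next hunk, so the "nothing is flushed" part is traceable. The new GST_LOG_OBJECT reads `tag` right after `&tag` was handed to gst_aiff_parse_peek_chunk, so the logged FOURCC is the caller's only if the peek leaves it untouched on failure, which is not visible here. The function body continues past the end of this hunk.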
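Review bot: The two new `return GST_FLOW_OK;` exits in the CHAN and default cases have no comment explaining that they mean "chunk not fully buffered, wait for more input" rather than "headers done", and that distinction is the whole fix. I would put `/* not enough data to skip this chunk yet; try again when more arrives */` above each return. How long the parser waits is governed by the file-supplied `size`, so it is worth confirming that gst_aiff_parse_peek_chunk (outside this hunk) rejects or caps implausible lengths. Otherwise a crafted chunk size would presumably keep the adapter accumulating data without ever making progress. gst_aiff_parse_stream_headers starts and ends outside the hunk.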