From 05854f74c52b713ad68e8ecae9abab8e0cbb3956 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Tim-Philipp=20M=C3=BCller?= Date: Sun, 23 May 2021 01:28:11 +0100 Subject: [PATCH] matroskademux: use g_memdup2() as g_memdup() is deprecated - ebml-read: add some sanity checks when going from 64-bit to 32-bit length - matroska-ids: codec_data_size has been checked via gst_ebml_read_binary(), is existing allocation. - matroska-demux: alloc size is from existing allocations g_memdup() is deprecated since GLib 2.68 and we want to avoid deprecation warnings with recent versions of GLib. Also use gst_buffer_new_memdup() instead of _wrapped(g_memdup(),..). Part-of: --- gst/matroska/ebml-read.c | 15 ++++++++++++++- gst/matroska/matroska-demux.c | 31 ++++++++++++------------------- gst/matroska/matroska-ids.c | 15 ++++++--------- gst/matroska/matroska-read-common.c | 4 ++-- 4 files changed, 34 insertions(+), 31 deletions(-) diff --git a/gst/matroska/ebml-read.c b/gst/matroska/ebml-read.c index 004fa3a..f66990b 100644 --- a/gst/matroska/ebml-read.c +++ b/gst/matroska/ebml-read.c @@ -366,6 +366,19 @@ gst_ebml_read_bytes (GstEbmlRead * ebml, guint32 * id, const guint8 ** data, if (!gst_byte_reader_skip (gst_ebml_read_br (ebml), prefix)) return GST_FLOW_ERROR; /* FIXME: do proper error handling */ + /* This shouldn't happen here with the elements read through this function */ + if (length == GST_EBML_SIZE_UNKNOWN || length == G_MAXUINT64) { + GST_ERROR_OBJECT (ebml->el, "element 0x%x has undefined length!", *id); + return GST_FLOW_ERROR; + } + + /* Sanity check since we're downcasting a 64-bit len to possibly 32-bit here */ + if (length >= G_MAXUINT) { + GST_ERROR_OBJECT (ebml->el, "element 0x%x too large, " + "size %" G_GUINT64_FORMAT, *id, length); + return GST_FLOW_ERROR; + } + *data = NULL; if (G_LIKELY (length > 0)) { if (!gst_byte_reader_get_data (gst_ebml_read_br (ebml), length, data)) 
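Review bot: In the gst_ebml_read_bytes() hunk of ebml-read.c, both new `return GST_FLOW_ERROR;` paths sit above `*data = NULL;`, so when a length is rejected the caller's data pointer keeps whatever value it had on entry. Moving `*data = NULL;` above the two new checks would give every error return a defined output. The start of the function is outside the hunk, so whether the outputs are already cleared earlier cannot be confirmed from here.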
@@ -663,7 +676,7 @@ gst_ebml_read_binary (GstEbmlRead * ebml, return ret; *length = size; - *binary = g_memdup (data, size); + *binary = g_memdup2 (data, size); return GST_FLOW_OK; } diff --git a/gst/matroska/matroska-demux.c b/gst/matroska/matroska-demux.c index 940f842..3a49b2f 100644 --- a/gst/matroska/matroska-demux.c +++ b/gst/matroska/matroska-demux.c @@ -3845,8 +3845,7 @@ gst_matroska_demux_add_mpeg_seq_header (GstElement * element, GST_DEBUG_OBJECT (element, "Prepending MPEG sequence header"); - newbuf = gst_buffer_new_wrapped (g_memdup (seq_header, seq_header_len), - seq_header_len); + newbuf = gst_buffer_new_memdup (seq_header, seq_header_len); gst_buffer_copy_into (newbuf, *buf, GST_BUFFER_COPY_TIMESTAMPS | GST_BUFFER_COPY_FLAGS | GST_BUFFER_COPY_MEMORY, 0, @@ -6386,9 +6385,7 @@ gst_matroska_demux_video_caps (GstMatroskaTrackVideoContext * if (size > sizeof (gst_riff_strf_vids)) { /* some extra_data */ gsize offset = sizeof (gst_riff_strf_vids); - buf = - gst_buffer_new_wrapped (g_memdup ((guint8 *) vids + offset, - size - offset), size - offset); + buf = gst_buffer_new_memdup ((guint8 *) vids + offset, size - offset); } if (riff_fourcc) @@ -6470,7 +6467,7 @@ gst_matroska_demux_video_caps (GstMatroskaTrackVideoContext * if (data) { GstBuffer *priv; - priv = gst_buffer_new_wrapped (g_memdup (data, size), size); + priv = gst_buffer_new_memdup (data, size); gst_caps_set_simple (caps, "codec_data", GST_TYPE_BUFFER, priv, NULL); gst_buffer_unref (priv); @@ -6519,7 +6516,7 @@ gst_matroska_demux_video_caps (GstMatroskaTrackVideoContext * gst_codec_utils_h264_caps_set_level_and_profile (caps, data + 1, size - 1); - priv = gst_buffer_new_wrapped (g_memdup (data, size), size); + priv = gst_buffer_new_memdup (data, size); gst_caps_set_simple (caps, "codec_data", GST_TYPE_BUFFER, priv, NULL); gst_buffer_unref (priv); 
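Review bot: In the gst_matroska_demux_video_caps() hunk at `@@ -6519`, `size - 1` is passed to gst_codec_utils_h264_caps_set_level_and_profile() and `size` to gst_buffer_new_memdup(), with no check on `size` visible in the hunk. The h265 hunk at `@@ -6539` has the same pattern. If `size` is unsigned and can be 0 while `data` is non-NULL, `size - 1` wraps to a very large length. The enclosing condition starts above both hunks, so confirm it there. The subtitle hunk at `@@ -7337` already uses `if (data != NULL && size > 0)`, and the same form would fit these two branches.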
@@ -6539,7 +6536,7 @@ gst_matroska_demux_video_caps (GstMatroskaTrackVideoContext * gst_codec_utils_h265_caps_set_level_tier_and_profile (caps, data + 1, size - 1); - priv = gst_buffer_new_wrapped (g_memdup (data, size), size); + priv = gst_buffer_new_memdup (data, size); gst_caps_set_simple (caps, "codec_data", GST_TYPE_BUFFER, priv, NULL); gst_buffer_unref (priv); @@ -6578,9 +6575,7 @@ gst_matroska_demux_video_caps (GstMatroskaTrackVideoContext * subformat = GST_READ_UINT32_BE (data + 0x1a); rformat = GST_READ_UINT32_BE (data + 0x1e); - priv = - gst_buffer_new_wrapped (g_memdup (data + 0x1a, size - 0x1a), - size - 0x1a); + priv = gst_buffer_new_memdup (data + 0x1a, size - 0x1a); gst_caps_set_simple (caps, "codec_data", GST_TYPE_BUFFER, priv, "format", G_TYPE_INT, rformat, "subformat", G_TYPE_INT, subformat, NULL); gst_buffer_unref (priv); @@ -6612,7 +6607,7 @@ gst_matroska_demux_video_caps (GstMatroskaTrackVideoContext * if (data) { GstBuffer *priv; - priv = gst_buffer_new_wrapped (g_memdup (data, size), size); + priv = gst_buffer_new_memdup (data, size); gst_caps_set_simple (caps, "codec_data", GST_TYPE_BUFFER, priv, NULL); gst_buffer_unref (priv); } else { @@ -7012,8 +7007,7 @@ gst_matroska_demux_audio_caps (GstMatroskaTrackAudioContext * } tmp = - gst_buffer_new_wrapped (g_memdup (context->codec_priv, - context->codec_priv_size), context->codec_priv_size); + gst_buffer_new_memdup (context->codec_priv, context->codec_priv_size); caps = gst_codec_utils_opus_create_caps_from_header (tmp, NULL); gst_buffer_unref (tmp); *codec_name = g_strdup ("Opus"); 
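Review bot: In the gst_matroska_demux_video_caps() hunk at `@@ -6578`, the code reads 32-bit values at `data + 0x1a` and `data + 0x1e` and then copies `size - 0x1a` bytes, which stays in bounds only when `size` is at least 0x22. No such check is visible in the hunk, and the enclosing condition starts above it. If that condition is missing or weaker, `size - 0x1a` can wrap and the copy reads past the codec private data. The branch should require `size >= 0x22` before these lines.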
@@ -7103,8 +7097,8 @@ gst_matroska_demux_audio_caps (GstMatroskaTrackAudioContext * if (freq_index == 15) explicit_freq_bytes = 3; GST_DEBUG ("obj_type = %u, freq_index = %u", obj_type, freq_index); - priv = gst_buffer_new_wrapped (g_memdup (context->codec_priv, - context->codec_priv_size), context->codec_priv_size); + priv = gst_buffer_new_memdup (context->codec_priv, + context->codec_priv_size); /* assume SBR if samplerate <= 24kHz */ if (obj_type == 5 || (freq_index >= 6 && freq_index != 15) || (context->codec_priv_size == (5 + explicit_freq_bytes))) { @@ -7234,8 +7228,7 @@ gst_matroska_demux_audio_caps (GstMatroskaTrackAudioContext * G_TYPE_INT, leaf_size, "width", G_TYPE_INT, sample_width, NULL); if ((size - 78) >= extra_data_size) { - priv = gst_buffer_new_wrapped (g_memdup (data + 78, extra_data_size), - extra_data_size); + priv = gst_buffer_new_memdup (data + 78, extra_data_size); gst_caps_set_simple (caps, "codec_data", GST_TYPE_BUFFER, priv, NULL); gst_buffer_unref (priv); } @@ -7337,7 +7330,7 @@ gst_matroska_demux_subtitle_caps (GstMatroskaTrackSubtitleContext * if (data != NULL && size > 0) { GstBuffer *buf; - buf = gst_buffer_new_wrapped (g_memdup (data, size), size); + buf = gst_buffer_new_memdup (data, size); gst_caps_set_simple (caps, "codec_data", GST_TYPE_BUFFER, buf, NULL); gst_buffer_unref (buf); } diff --git a/gst/matroska/matroska-ids.c b/gst/matroska/matroska-ids.c index 633171f..eca5279 100644 --- a/gst/matroska/matroska-ids.c +++ b/gst/matroska/matroska-ids.c @@ -189,7 +189,7 @@ gst_matroska_parse_xiph_stream_headers (gpointer codec_data, if (offset + length[i] > codec_data_size) goto error; - hdr = gst_buffer_new_wrapped (g_memdup (p + offset, length[i]), length[i]); + hdr = gst_buffer_new_memdup (p + offset, length[i]); gst_buffer_list_add (list, hdr); offset += length[i]; 
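Review bot: In the gst_matroska_demux_audio_caps() hunk at `@@ -7234`, the condition `(size - 78) >= extra_data_size` relies on a subtraction that wraps if `size` is unsigned and below 78. The test then passes and `extra_data_size` bytes are copied from `data + 78`. Unless a check above the hunk already guarantees `size >= 78`, the condition is safer written as `if (size >= 78 && (size - 78) >= extra_data_size) {`. `extra_data_size` presumably comes from the stream, so this test is the only bound keeping the copy inside the codec private data.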
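Review bot: In the matroska-ids.c hunk at `@@ -189` (gst_matroska_parse_xiph_stream_headers), the bound `offset + length[i] > codec_data_size` is computed by addition, which can wrap if `offset` and `length[i]` are narrower than `codec_data_size`. Their declarations are above the hunk, so the widths need confirming there. Comparing against the remaining space avoids the wrap regardless of width: `if (offset > codec_data_size || length[i] > codec_data_size - offset) goto error;`.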
@@ -228,12 +228,11 @@ gst_matroska_parse_speex_stream_headers (gpointer codec_data, list = gst_buffer_list_new (); - hdr = gst_buffer_new_wrapped (g_memdup (pdata, 80), 80); + hdr = gst_buffer_new_memdup (pdata, 80); gst_buffer_list_add (list, hdr); if (codec_data_size > 80) { - hdr = gst_buffer_new_wrapped (g_memdup (pdata + 80, codec_data_size - 80), - codec_data_size - 80); + hdr = gst_buffer_new_memdup (pdata + 80, codec_data_size - 80); gst_buffer_list_add (list, hdr); } @@ -262,9 +261,7 @@ gst_matroska_parse_opus_stream_headers (gpointer codec_data, list = gst_buffer_list_new (); - hdr = - gst_buffer_new_wrapped (g_memdup (pdata, codec_data_size), - codec_data_size); + hdr = gst_buffer_new_memdup (pdata, codec_data_size); gst_buffer_list_add (list, hdr); return list; @@ -294,7 +291,7 @@ gst_matroska_parse_flac_stream_headers (gpointer codec_data, list = gst_buffer_list_new (); - hdr = gst_buffer_new_wrapped (g_memdup (pdata, 4), 4); + hdr = gst_buffer_new_memdup (pdata, 4); gst_buffer_list_add (list, hdr); /* skip fLaC marker */ @@ -312,7 +309,7 @@ gst_matroska_parse_flac_stream_headers (gpointer codec_data, return NULL; } - hdr = gst_buffer_new_wrapped (g_memdup (pdata + off, len + 4), len + 4); + hdr = gst_buffer_new_memdup (pdata + off, len + 4); gst_buffer_list_add (list, hdr); off += 4 + len; diff --git a/gst/matroska/matroska-read-common.c b/gst/matroska/matroska-read-common.c index 90d6e38..062044f 100644 --- a/gst/matroska/matroska-read-common.c +++ b/gst/matroska/matroska-read-common.c @@ -797,7 +797,7 @@ gst_matroska_read_common_parse_attached_file (GstMatroskaReadCommon * common, DEBUG_ELEMENT_STOP (common, ebml, "AttachedFile", ret); - if (filename && mimetype && data && datalen > 0) { + if (filename && mimetype && data && datalen > 0 && datalen < G_MAXUINT) { GstTagImageType image_type = GST_TAG_IMAGE_TYPE_NONE; GstBuffer *tagbuffer = NULL; GstSample *tagsample = NULL; 
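Review bot: In the gst_matroska_parse_flac_stream_headers() hunk at `@@ -312`, the copy length is `len + 4` starting at `pdata + off`, so the bound check just above it has to account for the 4-byte block header as well. Only that check's `return NULL;` is inside the hunk, so its condition cannot be seen here. If it compares `off + len` against `codec_data_size`, the copy can read up to 4 bytes past the codec data. In that case it should test `off + 4 + len > codec_data_size`, matching the `off += 4 + len;` step that follows.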
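Review bot: In the matroska-read-common.c hunk at `@@ -797`, the added `datalen < G_MAXUINT` condition skips an oversized attachment without any log line. The size check this patch adds to gst_ebml_read_bytes(), by contrast, reports the element id and size. The false branch is outside the hunk; if nothing is logged there, something like `GST_WARNING ("attachment too large: %" G_GUINT64_FORMAT, datalen);` would make a rejected attachment diagnosable, assuming `datalen` is a guint64. A one-line comment stating why the limit is G_MAXUINT would also help, since the copy further down no longer goes through g_memdup().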
@@ -843,7 +843,7 @@ gst_matroska_read_common_parse_attached_file (GstMatroskaReadCommon * common, /* if this failed create an attachment buffer */ if (!tagbuffer) { - tagbuffer = gst_buffer_new_wrapped (g_memdup (data, datalen), datalen); + tagbuffer = gst_buffer_new_memdup (data, datalen); caps = gst_type_find_helper_for_buffer (NULL, tagbuffer, NULL); if (caps == NULL) -- 2.7.4