From 322baf19c80857f1f2b016ec6bf043d09c67d154 Mon Sep 17 00:00:00 2001
From: David Schleef
Date: Thu, 24 Jul 2003 08:49:42 +0000
Subject: [PATCH] Add buffer length checks to every typefinding function

Original commit message from CVS:
Add buffer length checks to every typefinding function
---
 ext/dv/gstdvdec.c | 7 ++++++-
 ext/flac/gstflac.c | 6 +++++-
 gst/auparse/gstauparse.c | 3 +++
 gst/avi/gstavidemux.c | 3 +++
 4 files changed, 17 insertions(+), 2 deletions(-)

diff --git a/ext/dv/gstdvdec.c b/ext/dv/gstdvdec.c
index d7500cc..e28f836 100644
--- a/ext/dv/gstdvdec.c
+++ b/ext/dv/gstdvdec.c
@@ -161,9 +161,14 @@ GST_PAD_TEMPLATE_FACTORY ( audio_src_temp,
 static GstCaps*
 dv_type_find (GstBuffer *buf, gpointer private)
 {
- guint32 head = GUINT32_FROM_BE(*((guint32 *)GST_BUFFER_DATA(buf)));
+ guint32 head;
 GstCaps *new = NULL;
+ if (GST_BUFFER_SIZE (buf) < 5)
+ return NULL;
+
+ head = GUINT32_FROM_BE(*((guint32 *)GST_BUFFER_DATA(buf)));
+
 /* check for DIF and DV flag */
 if ((head & 0xffffff00) == 0x1f070000 && !(GST_BUFFER_DATA(buf)[4] & 0x01)) {
 gchar *format;
diff --git a/ext/flac/gstflac.c b/ext/flac/gstflac.c
index af10d79..b8dd73e 100644
--- a/ext/flac/gstflac.c
+++ b/ext/flac/gstflac.c
@@ -71,8 +71,12 @@ static GstTypeDefinition flacdefinition = {
 static GstCaps*
 flac_type_find (GstBuffer *buf, gpointer private)
 {
- guint32 head = GUINT32_FROM_BE (*((guint32 *)GST_BUFFER_DATA (buf)));
+ guint32 head;
+
+ if (GST_BUFFER_SIZE (buf) < 4)
+ return NULL;
+ head = GUINT32_FROM_BE (*((guint32 *)GST_BUFFER_DATA (buf)));
 if (head != 0x664C6143)
 return NULL;
diff --git a/gst/auparse/gstauparse.c b/gst/auparse/gstauparse.c
index 82f802f..9942fd7 100644
--- a/gst/auparse/gstauparse.c
+++ b/gst/auparse/gstauparse.c
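Review bot: The minimum length `5` in `dv_type_find` (ext/dv/gstdvdec.c) is a bare literal with nothing tying it to the reads it protects, namely the 4-byte header load and the flag byte at `GST_BUFFER_DATA(buf)[4]`. A comment above the check such as `/* 4-byte header word + flag byte at offset 4 */` would keep a later change to those reads from silently outgrowing the guard. The same applies to the `4` in `flac_type_find` and the `12` in `avi_type_find`, where the limit covers `data[0]` and `data[2]` read as 32-bit words. The rest of `dv_type_find` lies outside the hunk, so whether a later read needs more than 5 bytes cannot be confirmed from here.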
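Review bot: In `flac_type_find` (ext/flac/gstflac.c) the length is now checked, but the header is still loaded by dereferencing `(guint32 *)GST_BUFFER_DATA (buf)`, which assumes the buffer data is 4-byte aligned; nothing in the hunk shows that this is guaranteed. Comparing bytes avoids both the cast and the byte swap: `if (memcmp (GST_BUFFER_DATA (buf), "fLaC", 4) != 0) return NULL;` (0x664C6143 is the ASCII encoding of "fLaC"). The loads in `dv_type_find` and `avi_type_find` go through the same kind of cast. The body of `flac_type_find` continues outside the hunk.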
@@ -47,6 +47,9 @@ au_type_find (GstBuffer *buf, gpointer private)
 GstCaps *new = NULL;
 gulong *head = (gulong *) GST_BUFFER_DATA (buf);
+ if (GST_BUFFER_SIZE (buf) < 4)
+ return NULL;
+
 if (*head == 0x2e736e64 || *head == 0x646e732e)
 new = gst_caps_new ("au_type_find", "audio/au", NULL);
diff --git a/gst/avi/gstavidemux.c b/gst/avi/gstavidemux.c
index 8beea33..bb2abe5 100644
--- a/gst/avi/gstavidemux.c
+++ b/gst/avi/gstavidemux.c
@@ -181,6 +181,9 @@ avi_type_find (GstBuffer *buf,
 GST_DEBUG ("avi_demux: typefind");
+ if (GST_BUFFER_SIZE (buf) < 12)
+ return NULL;
+
 if (GUINT32_FROM_LE (((guint32 *)data)[0]) != GST_RIFF_TAG_RIFF)
 return NULL;
 if (GUINT32_FROM_LE (((guint32 *)data)[2]) != GST_RIFF_RIFF_AVI)
--
2.7.4
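Review bot: The new `< 4` check in `au_type_find` (gst/auparse/gstauparse.c) does not cover the read that follows it, because `head` is declared as `gulong *` and `gulong` is 8 bytes on LP64 platforms. There `*head` loads 8 bytes, so a 4- to 7-byte buffer passes the check and is still read past its end. On those platforms the 8-byte value is also unlikely to equal either 32-bit magic, so detection itself is probably affected. Declaring the pointer as `guint32 *head = (guint32 *) GST_BUFFER_DATA (buf);` makes the load match the check. The function starts and ends outside the hunk.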