From 9fda7b107f691b4f76b4f58d17a5f7fe2b96e9d5 Mon Sep 17 00:00:00 2001
From: Thiago Santos <ts.santos@sisa.samsung.com>
Date: Tue, 10 Jun 2014 15:33:33 -0300
Subject: [PATCH] qtdemux: avoid looping indefinitely in broken svq3 files

Abort if an atom with size 0 is read from within the svq3 stsd
atoms

https://bugzilla.gnome.org/show_bug.cgi?id=726512
---
 gst/isomp4/qtdemux.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/gst/isomp4/qtdemux.c b/gst/isomp4/qtdemux.c
index 2824dca..7df6259 100644
--- a/gst/isomp4/qtdemux.c
+++ b/gst/isomp4/qtdemux.c
@@ -6914,6 +6914,12 @@ qtdemux_parse_svq3_stsd_data (GstQTDemux * qtdemux, GNode * stsd,
         fourcc = QT_FOURCC (stsd_data + 4);
         data = stsd_data + 8;
 
+        if (size == 0) {
+          GST_WARNING_OBJECT (qtdemux, "Atom of size 0 found, aborting "
+              "svq3 atom parsing");
+          goto end;
+        }
+
         switch (fourcc) {
           case FOURCC_gama:{
             if (size == 12) {
-- 
2.7.4