From f3e65f1c9374df13e4fa082bc750ce94e38c58de Mon Sep 17 00:00:00 2001 From: =?utf8?q?Philip=20J=C3=A4genstedt?= Date: Wed, 15 Jun 2011 13:51:31 +0200 Subject: [PATCH] typefind: NULL check in degas_type_find The length check isn't sufficient, an source might report the correct length, but then still fail to read the requested number of bytes for some reason. https://bugzilla.gnome.org/show_bug.cgi?id=652642 --- gst/typefind/gsttypefindfunctions.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/gst/typefind/gsttypefindfunctions.c b/gst/typefind/gsttypefindfunctions.c index 55152e8..ed393d8 100644 --- a/gst/typefind/gsttypefindfunctions.c +++ b/gst/typefind/gsttypefindfunctions.c @@ -4078,6 +4078,8 @@ degas_type_find (GstTypeFind * tf, gpointer private) if (len < 34) /* smallest header of the lot */ return; data = gst_type_find_peek (tf, 0, 4); + if (G_UNLIKELY (data == NULL)) + return; resolution = GST_READ_UINT16_BE (data); if (len == 32034) { /* could be DEGAS */ @@ -4088,6 +4090,8 @@ degas_type_find (GstTypeFind * tf, gpointer private) /* could be DEGAS Elite */ if (resolution <= 2) { data = gst_type_find_peek (tf, len - 16, 8); + if (G_UNLIKELY (data == NULL)) + return; for (n = 0; n < 4; n++) { if (GST_READ_UINT16_BE (data + n * 2) > 2) return; @@ -4100,6 +4104,8 @@ degas_type_find (GstTypeFind * tf, gpointer private) it does have 4 16 bytes values near the end that are 0-2 though. */ if ((resolution & 0x8000) && (resolution & 0x7fff) <= 2) { data = gst_type_find_peek (tf, len - 16, 8); + if (G_UNLIKELY (data == NULL)) + return; for (n = 0; n < 4; n++) { if (GST_READ_UINT16_BE (data + n * 2) > 2) return; -- 2.7.4