Commit cb960763 authored by Yang Xichuan's avatar Yang Xichuan Committed by Sebastian Dröge
Browse files

oggparse: Make gst_ogg_parse_submit_buffer() safe

By not passing zero-sized buffers to ogg_sync_buffer()
and checking the return values of libogg functions.

Fixes bug #639136.
parent 876bf233
...@@ -281,29 +281,41 @@ gst_ogg_parse_dispose (GObject * object) ...@@ -281,29 +281,41 @@ gst_ogg_parse_dispose (GObject * object)
G_OBJECT_CLASS (parent_class)->dispose (object); G_OBJECT_CLASS (parent_class)->dispose (object);
} }
/* submit the given buffer to the ogg sync. /* submit the given buffer to the ogg sync */
* static GstFlowReturn
* Returns the number of bytes submited.
static gint
gst_ogg_parse_submit_buffer (GstOggParse * ogg, GstBuffer * buffer) gst_ogg_parse_submit_buffer (GstOggParse * ogg, GstBuffer * buffer)
{ {
guint size; guint size;
guint8 *data; guint8 *data;
gchar *oggbuffer; gchar *oggbuffer;
GstFlowReturn ret = GST_FLOW_OK;
size = GST_BUFFER_SIZE (buffer); size = GST_BUFFER_SIZE (buffer);
data = GST_BUFFER_DATA (buffer); data = GST_BUFFER_DATA (buffer);
/* We now have a buffer, submit it to the ogg sync layer */ GST_DEBUG_OBJECT (ogg, "submitting %u bytes", size);
if (G_UNLIKELY (size == 0))
goto done;
oggbuffer = ogg_sync_buffer (&ogg->sync, size); oggbuffer = ogg_sync_buffer (&ogg->sync, size);
if (G_UNLIKELY (oggbuffer == NULL)) {
(NULL), ("failed to get ogg sync buffer"));
goto done;
memcpy (oggbuffer, data, size); memcpy (oggbuffer, data, size);
ogg_sync_wrote (&ogg->sync, size); if (G_UNLIKELY (ogg_sync_wrote (&ogg->sync, size) < 0)) {
(NULL), ("failed to write %d bytes to the sync buffer", size));
/* We've copied all the neccesary data, so we're done with the buffer */ done:
gst_buffer_unref (buffer); gst_buffer_unref (buffer);
return size; return ret;
} }
static void static void
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment