diff options
author | Sebastian Dröge <sebastian.droege@collabora.co.uk> | 2009-02-10 10:17:43 +0100 |
---|---|---|
committer | Sebastian Dröge <sebastian.droege@collabora.co.uk> | 2009-02-10 10:20:14 +0100 |
commit | 9a1d1cb91fa557f766485c430e9f4732a78f7365 (patch) | |
tree | f2dc157be0101cc097519b5dc41145a926ba3ed2 /ext | |
parent | 325c0d5d1092f0de9611dcec03da3a0986427bdf (diff) | |
download | gst-plugins-bad-9a1d1cb91fa557f766485c430e9f4732a78f7365.tar.gz gst-plugins-bad-9a1d1cb91fa557f766485c430e9f4732a78f7365.tar.bz2 gst-plugins-bad-9a1d1cb91fa557f766485c430e9f4732a78f7365.zip |
bpmdetect: Pass at most 2048 samples to SoundTouch's BPMDetect
Internally BPMDetect assumes that at most 2048 samples are passed
to it at once and stores those in a stack allocated static sized
array. If we pass too many samples this will result in a buffer overflow
resulting in heavy stack corruption and a crash. Fixes bug #570996.
Diffstat (limited to 'ext')
-rw-r--r-- | ext/soundtouch/gstbpmdetect.cc | 20 |
1 files changed, 16 insertions, 4 deletions
diff --git a/ext/soundtouch/gstbpmdetect.cc b/ext/soundtouch/gstbpmdetect.cc index 8b1d7f1f..04f26bb8 100644 --- a/ext/soundtouch/gstbpmdetect.cc +++ b/ext/soundtouch/gstbpmdetect.cc @@ -207,12 +207,24 @@ gst_bpm_detect_transform_ip (GstBaseTransform * trans, GstBuffer * in) * data but our buffer data shouldn't be modified. */ if (filter->format.channels == 1) { - bpm_detect->priv->detect->inputSamples ((gfloat *) GST_BUFFER_DATA (in), - nsamples); + gfloat *inbuf = (gfloat *) GST_BUFFER_DATA (in); + + while (nsamples > 0) { + bpm_detect->priv->detect->inputSamples (inbuf, MIN (nsamples, 2048)); + nsamples -= 2048; + inbuf += 2048; + } } else { - gfloat *data = + gfloat *data, *inbuf; + + data = inbuf = (gfloat *) g_memdup (GST_BUFFER_DATA (in), GST_BUFFER_SIZE (in)); - bpm_detect->priv->detect->inputSamples (data, nsamples); + + while (nsamples > 0) { + bpm_detect->priv->detect->inputSamples (inbuf, MIN (nsamples, 2048)); + nsamples -= 2048; + inbuf += 2048 * 2; + } g_free (data); } |