diff options
-rw-r--r-- | ext/audiofile/gstaftypes.c | 4 | ||||
-rw-r--r-- | ext/ivorbis/vorbis.c | 7 | ||||
-rw-r--r-- | ext/swfdec/gstswfdec.c | 3 | ||||
-rw-r--r-- | ext/tarkin/gsttarkin.c | 7 | ||||
-rw-r--r-- | gst/cdxaparse/gstcdxaparse.c | 3 | ||||
-rw-r--r-- | gst/festival/gstfestival.c | 6 | ||||
-rw-r--r-- | gst/modplug/gstmodplug.cc | 3 |
7 files changed, 28 insertions, 5 deletions
diff --git a/ext/audiofile/gstaftypes.c b/ext/audiofile/gstaftypes.c index 8765f2b5..26832d76 100644 --- a/ext/audiofile/gstaftypes.c +++ b/ext/audiofile/gstaftypes.c @@ -58,7 +58,7 @@ gst_aftypes_type_find(GstBuffer *buf, gpointer private) int file_format, format_version; gchar *type; - g_print("calling gst_aftypes_type_find\n"); + GST_DEBUG("calling gst_aftypes_type_find"); buffer_wrap->buffer = buf; buffer_wrap->offset = 0; @@ -76,7 +76,7 @@ gst_aftypes_type_find(GstBuffer *buf, gpointer private) file_format = afGetFileFormat (file, &format_version); afCloseFile (file); - g_print("file format: %d\n", file_format); + GST_DEBUG("file format: %d", file_format); /* reject raw data, just in case it is some other format */ if (file_format == AF_FILE_UNKNOWN || diff --git a/ext/ivorbis/vorbis.c b/ext/ivorbis/vorbis.c index 4a95c14e..65ef4b06 100644 --- a/ext/ivorbis/vorbis.c +++ b/ext/ivorbis/vorbis.c @@ -83,7 +83,12 @@ static GstTypeDefinition vorbisdefinition = { static GstCaps* vorbis_type_find (GstBuffer *buf, gpointer private) { - guint32 head = GUINT32_FROM_BE (*((guint32 *)GST_BUFFER_DATA (buf))); + guint32 head; + + if (GST_BUFFER_SIZE (buf) < 4) + return NULL; + + head = GUINT32_FROM_BE (*((guint32 *)GST_BUFFER_DATA (buf))); if (head != 0x4F676753) return NULL; diff --git a/ext/swfdec/gstswfdec.c b/ext/swfdec/gstswfdec.c index e56b9da1..a052fe7a 100644 --- a/ext/swfdec/gstswfdec.c +++ b/ext/swfdec/gstswfdec.c @@ -631,6 +631,9 @@ swf_type_find(GstBuffer *buf, gpointer private) { gchar *data = GST_BUFFER_DATA(buf); + if (GST_BUFFER_SIZE (buf) < 4) + return NULL; + if((data[0] != 'F' && data[0] != 'C') || data[1] != 'W' || data[2] != 'S')return NULL; diff --git a/ext/tarkin/gsttarkin.c b/ext/tarkin/gsttarkin.c index 69fee01a..6e9abbc1 100644 --- a/ext/tarkin/gsttarkin.c +++ b/ext/tarkin/gsttarkin.c @@ -69,11 +69,16 @@ static GstTypeDefinition tarkindefinition = static GstCaps* tarkin_type_find (GstBuffer *buf, gpointer private) { - guint32 head = GUINT32_FROM_BE (*((guint32 *)GST_BUFFER_DATA (buf))); + guint32 head; + + if (GST_BUFFER_SIZE (buf) < 4) + return NULL; /* FIXME */ return NULL; + head = GUINT32_FROM_BE (*((guint32 *)GST_BUFFER_DATA (buf))); + if (head != 0x4F676753) return NULL; diff --git a/gst/cdxaparse/gstcdxaparse.c b/gst/cdxaparse/gstcdxaparse.c index 1c2141b2..5af9bd81 100644 --- a/gst/cdxaparse/gstcdxaparse.c +++ b/gst/cdxaparse/gstcdxaparse.c @@ -167,6 +167,9 @@ cdxa_type_find (GstBuffer *buf, GST_DEBUG ("cdxa_parse: typefind"); + if (GST_BUFFER_SIZE (buf) < 12) + return NULL; + if (GUINT32_FROM_LE (((guint32 *)data)[0]) != GST_RIFF_TAG_RIFF) return NULL; if (GUINT32_FROM_LE (((guint32 *)data)[2]) != GST_RIFF_RIFF_CDXA) diff --git a/gst/festival/gstfestival.c b/gst/festival/gstfestival.c index 7f40e3b0..87416184 100644 --- a/gst/festival/gstfestival.c +++ b/gst/festival/gstfestival.c @@ -203,8 +203,12 @@ text_type_find (GstBuffer *buf, gpointer private) gchar *data = GST_BUFFER_DATA (buf); gint i; + /* 20 is arbitrary. 4 is definitely too small. */ + if (GST_BUFFER_SIZE (buf) < 20) + return NULL; + for (i=0; i<GST_BUFFER_SIZE (buf); i++) { - if (!isprint(*(data+i))) + if (!isprint(data[i]) && data[i]!='\n') return NULL; } diff --git a/gst/modplug/gstmodplug.cc b/gst/modplug/gstmodplug.cc index 9270938b..2fa602f7 100644 --- a/gst/modplug/gstmodplug.cc +++ b/gst/modplug/gstmodplug.cc @@ -132,6 +132,9 @@ static GstElementClass *parent_class = NULL; static GstCaps* modplug_type_find (GstBuffer *buf, gpointer priv) { + if (GST_BUFFER_SIZE (buf) < 75) + return NULL; + if (MOD_CheckType (buf) || Mod_669_CheckType (buf) || Amf_CheckType (buf) || |