From a962c0f40c1bf71b44a67f898a35122f158b6b25 Mon Sep 17 00:00:00 2001
From: David Schleef <ds@schleef.org>
Date: Thu, 24 Jul 2003 08:49:43 +0000
Subject: Add buffer length checks to every typefinding function

Original commit message from CVS:
Add buffer length checks to every typefinding function
---
 gst/cdxaparse/gstcdxaparse.c | 3 +++
 gst/festival/gstfestival.c   | 6 +++++-
 gst/modplug/gstmodplug.cc    | 3 +++
 3 files changed, 11 insertions(+), 1 deletion(-)

(limited to 'gst')

diff --git a/gst/cdxaparse/gstcdxaparse.c b/gst/cdxaparse/gstcdxaparse.c
index 1c2141b2..5af9bd81 100644
--- a/gst/cdxaparse/gstcdxaparse.c
+++ b/gst/cdxaparse/gstcdxaparse.c
@@ -167,6 +167,9 @@ cdxa_type_find (GstBuffer *buf,
 
   GST_DEBUG ("cdxa_parse: typefind");
 
+  if (GST_BUFFER_SIZE (buf) < 12)
+    return NULL;
+
   if (GUINT32_FROM_LE (((guint32 *)data)[0]) != GST_RIFF_TAG_RIFF)
     return NULL;
   if (GUINT32_FROM_LE (((guint32 *)data)[2]) != GST_RIFF_RIFF_CDXA)
diff --git a/gst/festival/gstfestival.c b/gst/festival/gstfestival.c
index 7f40e3b0..87416184 100644
--- a/gst/festival/gstfestival.c
+++ b/gst/festival/gstfestival.c
@@ -203,8 +203,12 @@ text_type_find (GstBuffer *buf, gpointer private)
   gchar *data = GST_BUFFER_DATA (buf);
   gint i;
 
+  /* 20 is arbitrary.  4 is definitely too small. */
+  if (GST_BUFFER_SIZE (buf) < 20)
+    return NULL;
+
   for (i=0; i<GST_BUFFER_SIZE (buf); i++) {
-    if (!isprint(*(data+i)))
+    if (!isprint(data[i]) && data[i]!='\n')
       return NULL;
   }
 
diff --git a/gst/modplug/gstmodplug.cc b/gst/modplug/gstmodplug.cc
index 9270938b..2fa602f7 100644
--- a/gst/modplug/gstmodplug.cc
+++ b/gst/modplug/gstmodplug.cc
@@ -132,6 +132,9 @@ static GstElementClass *parent_class = NULL;
 static GstCaps* 
 modplug_type_find (GstBuffer *buf, gpointer priv) 
 {  
+  if (GST_BUFFER_SIZE (buf) < 75)
+    return NULL;
+
   if (MOD_CheckType (buf)     ||
       Mod_669_CheckType (buf) ||
       Amf_CheckType (buf)     ||
-- 
cgit v1.2.1