typefinders: skip ffmpeg typefinders if there isn't enough data

ffmpeg typefinders don't do bounds checking for small chunks of data, so just skip them if we don't have a lot of data, to avoid invalid memory access and/or crashes.

typefinders: skip ffmpeg typefinders if there isn't enough data
ffmpeg typefinders don't do bounds checking for small chunks of data, so just skip them if we don't have a lot of data, to avoid invalid memory access and/or crashes.
00441284 · Tim-Philipp Müller · 30da9c07 · 00441284
Commit 00441284 authored Aug 21, 2009 by Tim-Philipp Müller
Hide whitespace changes
Inline Side-by-side

Showing with 12 additions and 0 deletions

ext/ffmpeg/gstffmpegdemux.c ext/ffmpeg/gstffmpegdemux.c +12 -0

No files found.
--- a/ext/ffmpeg/gstffmpegdemux.c
+++ b/ext/ffmpeg/gstffmpegdemux.c
@@ -1252,6 +1252,8 @@ no_info:
 }

 #define GST_FFMPEG_TYPE_FIND_SIZE 4096
+#define GST_FFMPEG_TYPE_FIND_MIN_SIZE 256
+
 static void
 gst_ffmpegdemux_type_find (GstTypeFind * tf, gpointer priv)
 {
@@ -1267,6 +1269,16 @@ gst_ffmpegdemux_type_find (GstTypeFind * tf, gpointer priv)
  if (length == 0 || length > GST_FFMPEG_TYPE_FIND_SIZE)
    length = GST_FFMPEG_TYPE_FIND_SIZE;

+  /* The ffmpeg typefinders assume there's a certain minimum amount of data
+   * and will happily do invalid memory access if there isn't, so let's just
+   * skip the ffmpeg typefinders if the data available is too short
+   * (in which case it's unlikely to be a media file anyway) */
+  if (length < GST_FFMPEG_TYPE_FIND_MIN_SIZE) {
+    GST_LOG ("not typefinding %" G_GUINT64_FORMAT " bytes, too short", length);
+    return;
+  }
+
+  GST_LOG ("typefinding %" G_GUINT64_FORMAT " bytes", length);
  if (in_plugin->read_probe &&
      (data = gst_type_find_peek (tf, 0, length)) != NULL) {
    AVProbeData probe_data;