Commit a5ecb465 authored by Tim-Philipp Müller's avatar Tim-Philipp Müller 🐠

bufferlist: fix abort due to underflow when creating 0-sized list

gst_buffer_list_new_sized(0) will cause an underflow in a calculation
which then makes it try to allocate huge amounts of memory, which
may lead to aborts.

https://bugzilla.gnome.org/show_bug.cgi?id=795758
parent d06895ce
......@@ -149,6 +149,9 @@ gst_buffer_list_new_sized (guint size)
gsize slice_size;
guint n_allocated;
if (size == 0)
size = 1;
n_allocated = GST_ROUND_UP_16 (size);
slice_size = sizeof (GstBufferList) + (n_allocated - 1) * sizeof (gpointer);
......
......@@ -474,6 +474,15 @@ GST_START_TEST (test_calc_size)
GST_END_TEST;
GST_START_TEST (test_new_sized_0)
{
GstBufferList *b = gst_buffer_list_new_sized (0);
gst_buffer_list_unref (b);
}
GST_END_TEST;
static Suite *
gst_buffer_list_suite (void)
{
......@@ -491,6 +500,7 @@ gst_buffer_list_suite (void)
tcase_add_test (tc_chain, test_expand_and_remove);
tcase_add_test (tc_chain, test_get_writable);
tcase_add_test (tc_chain, test_calc_size);
tcase_add_test (tc_chain, test_new_sized_0);
return s;
}
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment