[vlc-devel] commit: Fixed segfault when parsing wav file to check for dts/a52. ( Laurent Aimar )
git version control
git at videolan.org
Sun Jun 29 00:10:08 CEST 2008
vlc | branch: master | Laurent Aimar <fenrir at videolan.org> | Sat Jun 28 22:12:00 2008 +0000| [e81f6fca6f99e83338959f956b1f4d1e14602078]
Fixed segfault when parsing wav file to check for dts/a52.
> http://git.videolan.org/gitweb.cgi/vlc.git/?a=commit;h=e81f6fca6f99e83338959f956b1f4d1e14602078
---
modules/demux/a52.c | 21 ++++++++++++---------
modules/demux/dts.c | 34 ++++++++++++++++++----------------
2 files changed, 30 insertions(+), 25 deletions(-)
diff --git a/modules/demux/a52.c b/modules/demux/a52.c
index fc675a5..defb32b 100644
--- a/modules/demux/a52.c
+++ b/modules/demux/a52.c
@@ -74,9 +74,9 @@ static int CheckSync( const uint8_t *p_peek, bool *p_big_endian );
#define PCM_FRAME_SIZE (1536 * 4)
#define A52_PACKET_SIZE (4 * PCM_FRAME_SIZE)
+#define A52_PROBE_SIZE (512*1024)
#define A52_MAX_HEADER_SIZE 10
-
/*****************************************************************************
* Open: initializes ES structures
*****************************************************************************/
@@ -89,24 +89,27 @@ static int Open( vlc_object_t * p_this )
bool b_big_endian = 0; /* Arbitrary initialisation */
/* Check if we are dealing with a WAV file */
- if( stream_Peek( p_demux->s, &p_peek, 12 ) == 12 &&
- !memcmp( p_peek, "RIFF", 4 ) && !memcmp( p_peek + 8, "WAVE", 4 ) )
+ if( stream_Peek( p_demux->s, &p_peek, 12+8 ) == 12+8 &&
+ !memcmp( p_peek, "RIFF", 4 ) && !memcmp( &p_peek[8], "WAVE", 4 ) )
{
- int i_size;
-
/* Skip the wave header */
i_peek = 12 + 8;
- while( stream_Peek( p_demux->s, &p_peek, i_peek ) == i_peek &&
- memcmp( p_peek + i_peek - 8, "data", 4 ) )
+ while( memcmp( p_peek + i_peek - 8, "data", 4 ) )
{
- i_peek += GetDWLE( p_peek + i_peek - 4 ) + 8;
+ uint32_t i_len = GetDWLE( p_peek + i_peek - 4 );
+ if( i_len > A52_PROBE_SIZE || i_peek + i_len > A52_PROBE_SIZE )
+ return VLC_EGENERIC;
+
+ i_peek += i_len + 8;
+ if( stream_Peek( p_demux->s, &p_peek, i_peek ) != i_peek )
+ return VLC_EGENERIC;
}
/* TODO: should check wave format and sample_rate */
/* Some A52 wav files don't begin with a sync code so we do a more
* extensive search */
- i_size = stream_Peek( p_demux->s, &p_peek, i_peek + A52_PACKET_SIZE * 2);
+ int i_size = stream_Peek( p_demux->s, &p_peek, i_peek + A52_PACKET_SIZE * 2);
i_size -= (PCM_FRAME_SIZE + A52_MAX_HEADER_SIZE);
while( i_peek < i_size )
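Review bot: The chunk walk in the `while( memcmp( p_peek + i_peek - 8, "data", 4 ) )` loop advances by `i_len + 8` and ignores the pad byte that RIFF places after a chunk with an odd length, so after such a chunk the next tag is read one byte early and a valid file may fail the probe. Rounding the length up keeps the walk aligned: `i_peek += i_len + ( i_len & 1 ) + 8;`, with the bound check applied to the rounded value. The same step appears in the `fmt ` and `data` loops of modules/demux/dts.c. The new guard itself looks sound, because its first clause rejects lengths that would wrap `i_peek + i_len`; a comment such as `/* i_len comes from the file: test it alone first so the sum cannot wrap */` would keep a later cleanup from dropping that clause. Open() starts and ends outside this hunk, so the declared type of i_peek is not visible here.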
diff --git a/modules/demux/dts.c b/modules/demux/dts.c
index 4b00f3a..914c77b 100644
--- a/modules/demux/dts.c
+++ b/modules/demux/dts.c
@@ -85,49 +85,51 @@ static int Open( vlc_object_t * p_this )
if( stream_Peek( p_demux->s, &p_peek, 20 ) == 20 &&
!memcmp( p_peek, "RIFF", 4 ) && !memcmp( &p_peek[8], "WAVE", 4 ) )
{
- int i_size;
-
/* Find the wave format header */
- i_peek = 20;
+ i_peek = 12 + 8;
while( memcmp( p_peek + i_peek - 8, "fmt ", 4 ) )
{
- i_size = GetDWLE( p_peek + i_peek - 4 );
- if( i_size + i_peek > DTS_PROBE_SIZE ) return VLC_EGENERIC;
- i_peek += i_size + 8;
+ uint32_t i_len = GetDWLE( p_peek + i_peek - 4 );
+ if( i_len > DTS_PROBE_SIZE || i_peek + i_len > DTS_PROBE_SIZE )
+ return VLC_EGENERIC;
+ i_peek += i_len + 8;
if( stream_Peek( p_demux->s, &p_peek, i_peek ) != i_peek )
return VLC_EGENERIC;
}
/* Sanity check the wave format header */
- i_size = GetDWLE( p_peek + i_peek - 4 );
- if( i_size + i_peek > DTS_PROBE_SIZE ) return VLC_EGENERIC;
- i_peek += i_size + 8;
+ uint32_t i_len = GetDWLE( p_peek + i_peek - 4 );
+ if( i_len > DTS_PROBE_SIZE )
+ return VLC_EGENERIC;
+
+ i_peek += i_len + 8;
if( stream_Peek( p_demux->s, &p_peek, i_peek ) != i_peek )
return VLC_EGENERIC;
- if( GetWLE( p_peek + i_peek - i_size - 8 /* wFormatTag */ ) !=
+ if( GetWLE( p_peek + i_peek - i_len - 8 /* wFormatTag */ ) !=
1 /* WAVE_FORMAT_PCM */ )
return VLC_EGENERIC;
- if( GetWLE( p_peek + i_peek - i_size - 6 /* nChannels */ ) != 2 )
+ if( GetWLE( p_peek + i_peek - i_len - 6 /* nChannels */ ) != 2 )
return VLC_EGENERIC;
- if( GetDWLE( p_peek + i_peek - i_size - 4 /* nSamplesPerSec */ ) !=
+ if( GetDWLE( p_peek + i_peek - i_len - 4 /* nSamplesPerSec */ ) !=
44100 )
return VLC_EGENERIC;
/* Skip the wave header */
while( memcmp( p_peek + i_peek - 8, "data", 4 ) )
{
- i_size = GetDWLE( p_peek + i_peek - 4 );
- if( i_size + i_peek > DTS_PROBE_SIZE ) return VLC_EGENERIC;
- i_peek += i_size + 8;
+ uint32_t i_len = GetDWLE( p_peek + i_peek - 4 );
+ if( i_len > DTS_PROBE_SIZE || i_peek + i_len > DTS_PROBE_SIZE )
+ return VLC_EGENERIC;
+ i_peek += i_len + 8;
if( stream_Peek( p_demux->s, &p_peek, i_peek ) != i_peek )
return VLC_EGENERIC;
}
/* Some DTS wav files don't begin with a sync code so we do a more
* extensive search */
- i_size = stream_Peek( p_demux->s, &p_peek, DTS_PROBE_SIZE );
+ int i_size = stream_Peek( p_demux->s, &p_peek, DTS_PROBE_SIZE );
i_size -= DTS_MAX_HEADER_SIZE;
while( i_peek < i_size )
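Review bot: The fmt-header sanity check tests only `i_len > DTS_PROBE_SIZE`, while the two chunk loops around it also test `i_peek + i_len > DTS_PROBE_SIZE`, so at this point i_peek can grow to roughly twice the probe limit before the following stream_Peek. Using the same guard as the loops, `if( i_len > DTS_PROBE_SIZE || i_peek + i_len > DTS_PROBE_SIZE )`, keeps the whole probe within one budget. A fmt chunk shorter than the eight bytes read afterwards is also accepted, in which case wFormatTag, nChannels and nSamplesPerSec are taken partly from the next chunk header; `if( i_len < 8 ) return VLC_EGENERIC;` before the reads would reject it. The `uint32_t i_len` declared inside the `data` loop shadows the one declared for the sanity check, which a single declaration or a different name would avoid. Open() begins and ends outside the hunk.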