1 Description: Fix buffer overflow in mp4 parsing
2 Author: Ralph Giles <giles@mozilla.com>
4 --- gst-plugins-bad0.10-0.10.23.orig/gst/videoparsers/gsth264parse.c
5 +++ gst-plugins-bad0.10-0.10.23/gst/videoparsers/gsth264parse.c
6 @@ -384,6 +384,11 @@ gst_h264_parse_wrap_nal (GstH264Parse *
8 GST_DEBUG_OBJECT (h264parse, "nal length %d", size);
10 + if (size > G_MAXUINT32 - nl) {
11 + GST_ELEMENT_ERROR (h264parse, STREAM, FAILED, (NULL),
12 + ("overflow in nal size"));
15 buf = gst_buffer_new_and_alloc (size + nl + 4);
16 if (format == GST_H264_PARSE_FORMAT_AVC) {
17 GST_WRITE_UINT32_BE (GST_BUFFER_DATA (buf), size << (32 - 8 * nl));
18 @@ -452,6 +457,11 @@ gst_h264_parse_process_nal (GstH264Parse
19 GST_DEBUG_OBJECT (h264parse, "not processing nal size %u", nalu->size);
22 + if (G_UNLIKELY (nalu->size > 20 * 1024 * 1024)) {
23 + GST_DEBUG_OBJECT (h264parse, "not processing nal size %u (too big)",
28 /* we have a peek as well */
29 nal_type = nalu->type;