[Bug 773712] isomp4: Add support for FLAC
GStreamer (GNOME Bugzilla)
bugzilla at gnome.org
Mon Nov 21 15:39:40 UTC 2016
https://bugzilla.gnome.org/show_bug.cgi?id=773712
--- Comment #7 from David Evans <bbcrddave at gmail.com> ---
Created attachment 340433
--> https://bugzilla.gnome.org/attachment.cgi?id=340433&action=edit
Ensure all dfLa array accesses are constrained to box length
> Also in the other array accesses above.
Having thought about this much more over the weekend, it turns out you were
right Sebastian. It turned out that the last iteration through the while loop
could indeed exceed the box length if the data was corrupt/incorrect/malicious.
So, many apologies for that.
This patch ensures that as the metadata blocks are accessed, all reads are
constrained to within the box length which was validated earlier.
Note that in order for downstream elements to work correctly, the
last-metadata-block flag must be set. In the case that the data is corrupt,
this will not have happened so it's better not to set anything in the
streamheader.
--
You are receiving this mail because:
You are the QA Contact for the bug.
You are the assignee for the bug.
More information about the gstreamer-bugs
mailing list