[Bug 778432] New: Crash on state change to NULL during mp3_type_find_at_offset
GStreamer (GNOME Bugzilla)
bugzilla at gnome.org
Fri Feb 10 09:11:27 UTC 2017
https://bugzilla.gnome.org/show_bug.cgi?id=778432
Bug ID: 778432
Summary: Crash on state change to NULL during mp3_type_find_at_offset
Classification: Platform
Product: GStreamer
Version: git master
OS: Linux
Status: NEW
Severity: normal
Priority: Normal
Component: gst-plugins-base
Assignee: gstreamer-bugs at lists.freedesktop.org
Reporter: heekyoung.seo at lge.com
QA Contact: gstreamer-bugs at lists.freedesktop.org
GNOME version: ---
When changing state to NULL during mp3_type_find, an assertion occurs due to an
unsigned int overflow.
The variable "found" is of type guint, but its value is changed to 4294967295
(0xffffffff) because the code performs -1 without checking for overflow.
    if (head_data == NULL &&
        gst_type_find_peek (tf, offset + start_off - 1, 1) == NULL)
      /* Incomplete last frame - don't count it. */
      found--;
Therefore, the probability value is calculated abnormally large and the
assertion fires.
    guint probability = found * GST_TYPE_FIND_MAXIMUM *
        (GST_MP3_TYPEFIND_TRY_SYNC - skipped) /
        GST_MP3_TYPEFIND_TRY_HEADERS / GST_MP3_TYPEFIND_TRY_SYNC;
    ...
    g_assert (probability <= GST_TYPE_FIND_MAXIMUM);
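The following C program is an added example, not code from the bug report or from GStreamer. It models the arithmetic the report quotes to show how an unguarded found-- on a guint wraps to 0xffffffff and then produces a "probability" far above the maximum, and places one hardened version beside it. The constant values (GST_TYPE_FIND_MAXIMUM = 100, GST_MP3_TYPEFIND_TRY_HEADERS = 5, GST_MP3_TYPEFIND_TRY_SYNC = 100 * GST_TYPE_FIND_MAXIMUM) are assumptions for this example and should be checked against the tree you build; the function names are hypothetical, and the report's gst_type_find_peek condition is replaced by a boolean parameter so the program runs offline.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* ASSUMED values for this example; verify against gsttypefindfunctions.c. */
#define GST_TYPE_FIND_MAXIMUM        100u
#define GST_MP3_TYPEFIND_TRY_HEADERS 5u
#define GST_MP3_TYPEFIND_TRY_SYNC    (GST_TYPE_FIND_MAXIMUM * 100u)

/* Models the computation quoted in the report (hypothetical function name).
 * last_frame_incomplete stands in for the failed gst_type_find_peek of the
 * last byte. With found == 0 the unguarded decrement wraps to 0xffffffff
 * and the 32-bit products wrap again, so the result is not bounded by
 * GST_TYPE_FIND_MAXIMUM. */
static uint32_t mp3_probability_buggy(uint32_t found, uint32_t skipped,
                                      bool last_frame_incomplete)
{
    if (last_frame_incomplete)
        found--; /* unsigned arithmetic: 0 - 1 == 0xffffffff */
    uint32_t probability = found * GST_TYPE_FIND_MAXIMUM *
        (GST_MP3_TYPEFIND_TRY_SYNC - skipped) /
        GST_MP3_TYPEFIND_TRY_HEADERS / GST_MP3_TYPEFIND_TRY_SYNC;
    return probability;
}

/* One way to harden it: only discount the incomplete frame when there is a
 * counted frame to discount, refuse a skipped count that would underflow
 * the second factor, widen the intermediate product so it cannot wrap, and
 * clamp instead of trusting the arithmetic to stay in range. */
static uint32_t mp3_probability_fixed(uint32_t found, uint32_t skipped,
                                      bool last_frame_incomplete)
{
    if (last_frame_incomplete && found > 0)
        found--;
    if (found == 0 || skipped >= GST_MP3_TYPEFIND_TRY_SYNC)
        return 0;
    uint64_t probability = (uint64_t)found * GST_TYPE_FIND_MAXIMUM *
        (GST_MP3_TYPEFIND_TRY_SYNC - skipped) /
        GST_MP3_TYPEFIND_TRY_HEADERS / GST_MP3_TYPEFIND_TRY_SYNC;
    if (probability > GST_TYPE_FIND_MAXIMUM)
        probability = GST_TYPE_FIND_MAXIMUM;
    return (uint32_t)probability;
}

/* The g_assert from the report, as a predicate instead of an abort. */
static bool mp3_probability_valid(uint32_t probability)
{
    return probability <= GST_TYPE_FIND_MAXIMUM;
}

int main(void)
{
    /* Constructed scenario: state change to NULL before any header was
     * counted (found == 0) while the peek of the last byte fails. */
    uint32_t bad = mp3_probability_buggy(0, 0, true);
    uint32_t ok  = mp3_probability_fixed(0, 0, true);
    printf("buggy: probability=%u valid=%d\n", bad, (int)mp3_probability_valid(bad));
    printf("fixed: probability=%u valid=%d\n", ok, (int)mp3_probability_valid(ok));

    /* Healthy input, both versions agree: 3 complete headers, nothing skipped. */
    printf("3 headers: buggy=%u fixed=%u\n",
           mp3_probability_buggy(3, 0, false), mp3_probability_fixed(3, 0, false));
    return 0;
}
```

With the assumed constants the buggy path yields 85879 for the found == 0 case, which the report's g_assert would reject, while the hardened path returns 0; for ordinary inputs the two agree, so the guard changes nothing in the good case.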