diff options
author | Tim-Philipp Müller <tim@centricular.com> | 2017-01-30 20:20:08 +0000 |
---|---|---|
committer | Tim-Philipp Müller <tim@centricular.com> | 2017-01-31 20:54:15 +0000 |
commit | cc1968e3e7995ae737e4d484ecf7b8b6139dac91 (patch) | |
tree | e9bee7b851c299d229d913401a386aff4fcd5dfc | |
parent | 2b7988234ab7ad3740c10824b403ad60b2046abc (diff) | |
download | gstreamer-plugins-good-cc1968e3e7995ae737e4d484ecf7b8b6139dac91.tar.gz |
qtdemux: sanity check number of segments in edit list
Fixes crash with fuzzed file.
https://bugzilla.gnome.org/show_bug.cgi?id=777940
-rw-r--r-- | gst/isomp4/qtdemux.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/gst/isomp4/qtdemux.c b/gst/isomp4/qtdemux.c index f2c4a4286..ba36a9e09 100644 --- a/gst/isomp4/qtdemux.c +++ b/gst/isomp4/qtdemux.c @@ -8668,7 +8668,7 @@ qtdemux_parse_segments (GstQTDemux * qtdemux, QtDemuxStream * stream, n_segments = QT_UINT32 (buffer + 12); - if (size < 16 + n_segments * entry_size) { + if (n_segments > 100000 || size < 16 + n_segments * entry_size) { GST_WARNING_OBJECT (qtdemux, "Invalid edit list"); goto done; } |