diff options
author | Tim-Philipp Müller <tim@centricular.com> | 2021-05-23 13:29:07 +0100 |
---|---|---|
committer | Tim-Philipp Müller <tim@centricular.com> | 2021-06-01 02:01:21 +0100 |
commit | 9e98ed4c1df66c0bb8cebcc807194c8e18084b03 (patch) | |
tree | 857a20d0d5ab8c2e338dcb64f089ee21f6b366ed | |
parent | 17bb69044af8030046e85257b847eb3c0cb7adb1 (diff) | |
download | gstreamer-plugins-good-9e98ed4c1df66c0bb8cebcc807194c8e18084b03.tar.gz |
wavparse: clean up adtl/note/labl chunk parsing
We were passing the size of the adtl chunk to the note/labl
sub-chunk parsing function, which means we may memdup lots of
data after the chunk string's NUL terminator that doesn't
really belong to it.
Part-of: <https://gitlab.freedesktop.org/gstreamer/gst-plugins-good/-/merge_requests/1000>
-rw-r--r-- | gst/wavparse/gstwavparse.c | 6 |
1 files changed, 2 insertions, 4 deletions
diff --git a/gst/wavparse/gstwavparse.c b/gst/wavparse/gstwavparse.c index 336bdb779..360715f28 100644 --- a/gst/wavparse/gstwavparse.c +++ b/gst/wavparse/gstwavparse.c @@ -832,7 +832,6 @@ gst_wavparse_labl_chunk (GstWavParse * wav, const guint8 * data, guint32 size) labl = g_new0 (GstWavParseLabl, 1); /* parse data */ - data += 8; labl->cue_point_id = GST_READ_UINT32_LE (data); labl->text = g_memdup (data + 4, size - 4); @@ -862,7 +861,6 @@ gst_wavparse_note_chunk (GstWavParse * wav, const guint8 * data, guint32 size) note = g_new0 (GstWavParseNote, 1); /* parse data */ - data += 8; note->cue_point_id = GST_READ_UINT32_LE (data); note->text = g_memdup (data + 4, size - 4); @@ -933,10 +931,10 @@ gst_wavparse_adtl_chunk (GstWavParse * wav, const guint8 * data, guint32 size) switch (ltag) { case GST_RIFF_TAG_labl: - gst_wavparse_labl_chunk (wav, data + offset, size); + gst_wavparse_labl_chunk (wav, data + offset + 8, lsize); break; case GST_RIFF_TAG_note: - gst_wavparse_note_chunk (wav, data + offset, size); + gst_wavparse_note_chunk (wav, data + offset + 8, lsize); break; default: GST_WARNING_OBJECT (wav, "Unknowm adtl %" GST_FOURCC_FORMAT, |