From 5b87b537beea3e2f5f4b59589a56a68d725b57b8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ren=C3=A9=20Stadler?= Date: Sun, 6 Sep 2009 02:44:05 +0300 Subject: videosignal: add bound checks --- gst/videosignal/gstvideodetect.c | 9 +++++++++ gst/videosignal/gstvideomark.c | 18 ++++++++++++++++-- 2 files changed, 25 insertions(+), 2 deletions(-) (limited to 'gst/videosignal') diff --git a/gst/videosignal/gstvideodetect.c b/gst/videosignal/gstvideodetect.c index c17871a97..3cdf3c661 100644 --- a/gst/videosignal/gstvideodetect.c +++ b/gst/videosignal/gstvideodetect.c @@ -231,6 +231,7 @@ gst_video_detect_420 (GstVideoDetect * videodetect, GstBuffer * buffer) { gdouble brightness; gint i, pw, ph, stride, width, height; + gint req_width, req_height; guint8 *d, *data; guint pattern_data; @@ -243,6 +244,14 @@ gst_video_detect_420 (GstVideoDetect * videodetect, GstBuffer * buffer) ph = videodetect->pattern_height; stride = GST_VIDEO_I420_Y_ROWSTRIDE (width); + req_width = + (videodetect->pattern_count + videodetect->pattern_data_count) * pw + + videodetect->left_offset; + req_height = videodetect->bottom_offset + ph; + if (req_width > width || req_height > height) { + goto no_pattern; + } + /* analyse the bottom left pixels */ for (i = 0; i < videodetect->pattern_count; i++) { d = data; diff --git a/gst/videosignal/gstvideomark.c b/gst/videosignal/gstvideomark.c index 7f73c39f1..10e748efe 100644 --- a/gst/videosignal/gstvideomark.c +++ b/gst/videosignal/gstvideomark.c @@ -140,10 +140,11 @@ gst_video_mark_draw_box (GstVideoMark * videomark, guint8 * data, } } -static void +static GstFlowReturn gst_video_mark_420 (GstVideoMark * videomark, GstBuffer * buffer) { gint i, pw, ph, stride, width, height; + gint req_width, req_height; guint8 *d, *data; guint pattern_shift; guint8 color; @@ -157,6 +158,17 @@ gst_video_mark_420 (GstVideoMark * videomark, GstBuffer * buffer) ph = videomark->pattern_height; stride = GST_VIDEO_I420_Y_ROWSTRIDE (width); + req_width = + (videomark->pattern_count + videomark->pattern_data_count) * pw + + videomark->left_offset; + req_height = videomark->bottom_offset + ph; + if (req_width > width || req_height > height) { + GST_ELEMENT_ERROR (videomark, STREAM, WRONG_TYPE, (NULL), + ("videomark pattern doesn't fit video, need at least %ix%i (stream has %ix%i)", + req_width, req_height, width, height)); + return GST_FLOW_ERROR; + } + /* draw the bottom left pixels */ for (i = 0; i < videomark->pattern_count; i++) { d = data; @@ -198,6 +210,8 @@ gst_video_mark_420 (GstVideoMark * videomark, GstBuffer * buffer) pattern_shift >>= 1; } + + return GST_FLOW_OK; } static GstFlowReturn @@ -209,7 +223,7 @@ gst_video_mark_transform_ip (GstBaseTransform * trans, GstBuffer * buf) videomark = GST_VIDEO_MARK (trans); if (videomark->enabled) - gst_video_mark_420 (videomark, buf); + return gst_video_mark_420 (videomark, buf); return ret; } -- cgit v1.2.1