typefind: Avoid overflow calculation

The qt typefinder uses guint64 values for offset and size calculation but the typefinder system only supports gint64 values. Make sure we don't end up using potentially overflowing values.
author: Edward Hervey <edward@centricular.com> 2017-12-08 08:00:07 +0100
committer: Sebastian Dröge <sebastian@centricular.com> 2018-01-17 15:56:14 +0200
commit: 68b91556f749ea82cb6cb4a1a6f53dca5d85b000 (patch)
tree: a0e474500811d675f0944194c617f09ac1d57958
parent: 4fa7de1eb28d97837c64578c6e5f6ff835e548e4 (diff)
download: gstreamer-plugins-base-68b91556f749ea82cb6cb4a1a6f53dca5d85b000.tar.gz
1 files changed, 4 insertions, 0 deletions
diff --git a/gst/typefind/gsttypefindfunctions.c b/gst/typefind/gsttypefindfunctions.c
index 70a8bf9b1..44a146acb 100644
--- a/gst/typefind/gsttypefindfunctions.c
+++ b/gst/typefind/gsttypefindfunctions.c
@@ -3262,6 +3262,8 @@ qt_type_find (GstTypeFind * tf, gpointer unused)
     }
 
     size = GST_READ_UINT32_BE (data);
+    if (size + offset >= G_MAXINT64)
+      break;
     /* check compatible brands rather than ever expaning major brands above */
     if ((STRNCMP (&data[4], "ftyp", 4) == 0) && (size >= 16)) {
       new_offset = offset + 12;
@@ -3297,6 +3299,8 @@ qt_type_find (GstTypeFind * tf, gpointer unused)
     new_offset = offset + size;
     if (new_offset <= offset)
       break;
+    if (new_offset + 16 >= G_MAXINT64)
+      break;
     offset = new_offset;
   }
author	Edward Hervey <edward@centricular.com>	2017-12-08 08:00:07 +0100
committer	Sebastian Dröge <sebastian@centricular.com>	2018-01-17 15:56:14 +0200
commit	68b91556f749ea82cb6cb4a1a6f53dca5d85b000 (patch)
tree	a0e474500811d675f0944194c617f09ac1d57958
parent	4fa7de1eb28d97837c64578c6e5f6ff835e548e4 (diff)
download	gstreamer-plugins-base-68b91556f749ea82cb6cb4a1a6f53dca5d85b000.tar.gz