projects / paraslash.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (from parent 1: 9342a7d)
read_asf_header() sanity-check header len.
authorAndre Noll <maan@systemlinux.org>
Mon, 19 Oct 2009 19:52:49 +0000 (21:52 +0200)
committerAndre Noll <maan@systemlinux.org>
Wed, 18 Nov 2009 18:34:25 +0000 (19:34 +0100)
wma_common.c patch | blob | history

diff --git a/wma_common.c b/wma_common.c
index be195e665cfb5eef751d678a8d41a00ce1701aed..3326cfff6148128f08ebc3b388ee82711a3c9ed5 100644 (file)
--- a/wma_common.c
+++ b/wma_common.c
@@ -47,7 +47,7 @@ static int find_audio_stream_info(const char *buf, int len)
        if (!p)
                return -E_WMA_NO_GUID;
        PARA_DEBUG_LOG("found audio stream guid@%0zx\n", p - buf);
        if (!p)
                return -E_WMA_NO_GUID;
        PARA_DEBUG_LOG("found audio stream guid@%0zx\n", p - buf);
-       return p - buf;
+       return p - buf + 16;
 }
 
 static int read_header_len(char *buf, int len)
 }
 
 static int read_header_len(char *buf, int len)
@@ -62,8 +62,14 @@ static int read_header_len(char *buf, int len)
 }
 
 /**
 }
 
 /**
+ * Read an asf audio file header.
+ *
+ * \param buf The input buffer.
+ * \param loaded Number of bytes in \a buf.
+ * \param ahi Result pointer.
+ *
  * \return Negative on errors, zero if more data is needed in order to read the
  * \return Negative on errors, zero if more data is needed in order to read the
- * full header. Positive header length on success.
+ * full header, 1 on success.
  */
 int read_asf_header(char *buf, int loaded, struct asf_header_info *ahi)
 {
  */
 int read_asf_header(char *buf, int loaded, struct asf_header_info *ahi)
 {
@@ -78,10 +84,10 @@ int read_asf_header(char *buf, int loaded, struct asf_header_info *ahi)
        ret = find_audio_stream_info(buf, ahi->header_len);
        if (ret < 0)
                return ret;
        ret = find_audio_stream_info(buf, ahi->header_len);
        if (ret < 0)
                return ret;
-       /* FIXME: Check ranges */
-       ahi->audio_stream_info_start = ret + 16;
+       if (ret + 62 > loaded)
+               return 0;
+       ahi->audio_stream_info_start = ret;
        start = buf + ahi->audio_stream_info_start;
        start = buf + ahi->audio_stream_info_start;
-
        ahi->channels = ((uint8_t *)start)[40];
        ahi->sample_rate = read_u16(start + 42);
        PARA_NOTICE_LOG("%d channels, sample rate: %d\n", ahi->channels,
        ahi->channels = ((uint8_t *)start)[40];
        ahi->sample_rate = read_u16(start + 42);
        PARA_NOTICE_LOG("%d channels, sample rate: %d\n", ahi->channels,
paraslash - network audio streaming tools