Skip to content

M
mpd
Commit 351dda01 authored by Max Kellermann's avatar Max Kellermann
Browse files
Options

aac: check buffer lengths

The AAC plugin sometimes does not check the length of available data when checking for magic prefixes. Add length checks.
parent 9131f9eb
Hide whitespace changes
Inline Side-by-side
Showing with 3 additions and 2 deletions
src/inputPlugins/aac_plugin.c
View file @ 351dda01
......@@ -196,7 +196,7 @@ static void initAacBuffer(InputStream * inStream, AacBuffer * b, float *length)
fillAacBuffer(b);
tagsize = 0;
if (!memcmp(b->buffer, "ID3", 3)) {
if (b->bytesIntoBuffer >= 10 && !memcmp(b->buffer, "ID3", 3)) {
tagsize = (b->buffer[6] << 21) | (b->buffer[7] << 14) |
(b->buffer[8] << 7) | (b->buffer[9] << 0);
......@@ -208,7 +208,8 @@ static void initAacBuffer(InputStream * inStream, AacBuffer * b, float *length)
if (length == NULL)
return;
if ((b->buffer[0] == 0xFF) && ((b->buffer[1] & 0xF6) == 0xF0)) {
if (b->bytesIntoBuffer >= 2 &&
(b->buffer[0] == 0xFF) && ((b->buffer[1] & 0xF6) == 0xF0)) {
adtsParse(b, length);
seekInputStream(b->inStream, tagsize, SEEK_SET);
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment