Bug 590622 - [bytereader] buffer size checks subject to wrap-around overflow
Status: RESOLVED FIXED
Product: GStreamer
Classification: Platform
Component: gstreamer (core)
Version: git master
Hardware: Other Linux
Importance: Normal blocker
Target Milestone: 0.10.24
Assigned To: GStreamer Maintainers
Reported: 2009-08-03 13:30 UTC by Mark Nauwelaerts
Modified: 2009-08-03 19:15 UTC


Attachments
Patch buffer size checks (10.47 KB, patch)
2009-08-03 13:33 UTC, Mark Nauwelaerts
committed

Description Mark Nauwelaerts 2009-08-03 13:30:56 UTC
GstByteReader functions check whether there is enough data for the requested item, typically with a fragment as follows:

if (reader->byte + size > reader->size)
  return FALSE;

However, if size and/or current byte position are sufficiently large, wrap-around might make it seem sufficient data is still available, while not really so.
Comment 1 Mark Nauwelaerts 2009-08-03 13:33:59 UTC
Created attachment 139783
Patch buffer size checks

Use slightly different check on buffer size availability to avoid wrap-around
(using the constraint that reader->byte <= reader->size).
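
Added example, not the attached patch and not GStreamer code: the check quoted in the description next to one wrap-free way to write it, relying on the stated constraint that reader->byte <= reader->size. The type reader_t and both function names are hypothetical, and the buffer and request sizes are constructed sample values.

```c
#include <limits.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical stand-in for the reader state; field names follow the
 * fragment quoted in the report. Invariant: byte <= size. */
typedef struct {
  const unsigned char *data;
  unsigned int size;   /* total bytes in the buffer */
  unsigned int byte;   /* current read position */
} reader_t;

/* Check as quoted in the report: byte + size is computed modulo
 * UINT_MAX + 1, so a large request can wrap around to a small sum. */
static bool has_bytes_wrapping(const reader_t *r, unsigned int size)
{
  if (r->byte + size > r->size)
    return false;
  return true;
}

/* Wrap-free form: with byte <= size the subtraction cannot underflow,
 * and no arithmetic is done on the caller-supplied value. */
static bool has_bytes_safe(const reader_t *r, unsigned int size)
{
  if (r->byte > r->size)   /* invariant violated: refuse the read */
    return false;
  return size <= r->size - r->byte;
}

int main(void)
{
  static const unsigned char buf[16] = {0};   /* constructed sample buffer */
  reader_t r = { buf, sizeof buf, 8 };        /* 8 bytes remain */
  unsigned int requests[] = { 4, 8, 9, UINT_MAX - 7, UINT_MAX };

  for (size_t i = 0; i < sizeof requests / sizeof requests[0]; i++)
    printf("request %10u: wrapping=%d safe=%d\n", requests[i],
           has_bytes_wrapping(&r, requests[i]),
           has_bytes_safe(&r, requests[i]));
  return 0;
}
```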
Comment 2 Sebastian Dröge (slomo) 2009-08-03 17:13:35 UTC
Looks good... good catch :)
Comment 3 Tim-Philipp Müller 2009-08-03 17:30:11 UTC
Could we please get this in for the release?

Should be straight-forward enough, and is needed so code in plugin modules can rely on GstByteReader to do proper bounds checking.
Comment 4 Jan Schmidt 2009-08-03 18:34:45 UTC
Please commit...
Comment 5 Mark Nauwelaerts 2009-08-03 19:08:03 UTC
commit eeb6d810bcf989b1daff599d03aeb19066729b17
Author: Mark Nauwelaerts <mark.nauwelaerts@collabora.co.uk>
Date:   Mon Aug 3 15:31:22 2009 +0200

    bytereader: avoid wrap-around in buffer size checks.  Fixes #590622.