Bug 916836 - Handle jumps off the end of the buffer in MP3FrameParser. r=padenot

Chris Pearce 2013-09-19 16:10:43 +12:00
parent ec8a827b6e
commit cae0d13cb8


@ -416,12 +416,23 @@ void MP3FrameParser::Parse(const char* aBuffer, uint32_t aLength, int64_t aOffse
return;
}
MOZ_ASSERT(bytesRead >= mBufferLength, "Parse should leave original buffer");
// Adjust the incoming buffer pointer/length so that it reflects that we may have
// consumed data from buffer.
uint32_t adjust = bytesRead - mBufferLength;
aOffset += adjust;
aLength -= adjust;
mBufferLength = 0;
if (adjust >= aLength) {
// The frame or tag found in the buffer finishes outside the range.
// Just set the offset to the end of that tag/frame, and return.
mOffset = streamOffset + bytesRead;
if (mOffset > mLength) {
mLength = mOffset;
}
return;
}
aOffset += adjust;
MOZ_ASSERT(aLength >= adjust);
aLength -= adjust;
}
uint32_t bytesRead = 0;
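Review bot: The subtraction `uint32_t adjust = bytesRead - mBufferLength;` is still protected only by the `MOZ_ASSERT` above it, which is compiled out of release builds, so a `bytesRead` smaller than `mBufferLength` would wrap to a very large unsigned value. With the new `adjust >= aLength` guard that wrapped value takes the early return instead of underflowing `aLength`, but `mOffset` (and possibly `mLength`) is then updated from a `bytesRead` that broke the invariant. I would check the invariant at runtime before the subtraction, e.g. `if (bytesRead < mBufferLength) { mBufferLength = 0; return; }`, though the right recovery depends on code outside this hunk, where `bytesRead` is declared and the enclosing block begins. Separately, `MOZ_ASSERT(aLength >= adjust);` can no longer fire after the early return and could be dropped or tightened to `aLength > adjust`.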