summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--Source/WebCore/platform/graphics/gstreamer/ImageGStreamerQt.cpp4
-rw-r--r--Source/WebCore/platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.cpp2
2 files changed, 5 insertions, 1 deletions
diff --git a/Source/WebCore/platform/graphics/gstreamer/ImageGStreamerQt.cpp b/Source/WebCore/platform/graphics/gstreamer/ImageGStreamerQt.cpp
index ece3c3f27..58db02696 100644
--- a/Source/WebCore/platform/graphics/gstreamer/ImageGStreamerQt.cpp
+++ b/Source/WebCore/platform/graphics/gstreamer/ImageGStreamerQt.cpp
@@ -45,6 +45,10 @@ ImageGStreamer::ImageGStreamer(GstBuffer* buffer, GstCaps* caps)
#ifdef GST_API_VERSION_1
gst_buffer_map(buffer, &m_mapInfo, GST_MAP_READ);
uchar* bufferData = reinterpret_cast<uchar*>(m_mapInfo.data);
+ if (size.width() * size.height() * 4 > m_mapInfo.maxsize) {
+ qWarning("Ignoring dangerously invalid frame emitted by GStreamer.");
+ return;
+ }
#else
uchar* bufferData = reinterpret_cast<uchar*>(GST_BUFFER_DATA(buffer));
#endif
diff --git a/Source/WebCore/platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.cpp b/Source/WebCore/platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.cpp
index 83c896c39..6235ae9be 100644
--- a/Source/WebCore/platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.cpp
+++ b/Source/WebCore/platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.cpp
@@ -440,7 +440,7 @@ void MediaPlayerPrivateGStreamerBase::paint(GraphicsContext* context, const IntR
}
RefPtr<ImageGStreamer> gstImage = ImageGStreamer::createImage(m_buffer, caps.get());
- if (!gstImage) {
+ if (!gstImage || !gstImage->image().get()) {
g_mutex_unlock(m_bufferMutex);
return;
}
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-21 13:02:57 +0000