Bug 1092370 - Tighten up MP3FrameParser. r=cpearce, a=abillings
authorEdwin Flores <edwin@mozilla.com>
Fri, 30 Jan 2015 16:54:12 +1300
changeset 243605 03be92be95c2
parent 243604 1ec36b2a9775
child 243606 85a7c4ca81f9
push id4411
push userryanvm@gmail.com
push date2015-01-30 20:02 +0000
treeherdermozilla-beta@03be92be95c2 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewerscpearce, abillings
bugs1092370
milestone36.0
Bug 1092370 - Tighten up MP3FrameParser. r=cpearce, a=abillings
dom/media/MP3FrameParser.cpp
--- a/dom/media/MP3FrameParser.cpp
+++ b/dom/media/MP3FrameParser.cpp
@@ -332,16 +332,21 @@ nsresult MP3FrameParser::ParseBuffer(con
   // If we haven't found any MP3 frame data yet, there might be ID3 headers
   // we can skip over.
   if (mMP3Offset < 0) {
     for (const uint8_t *ch = buffer; ch < bufferEnd; ch++) {
       if (mID3Parser.ParseChar(*ch)) {
         // Found an ID3 header. We don't care about the body of the header, so
         // just skip past.
         buffer = ch + mID3Parser.GetHeaderLength() - (ID3_HEADER_LENGTH - 1);
+
+        if (buffer <= ch) {
+          return NS_ERROR_FAILURE;
+        }
+
         ch = buffer;
 
         mTotalID3Size += mID3Parser.GetHeaderLength();
 
         // Yes, this is an MP3!
         mIsMP3 = DEFINITELY_MP3;
 
         mID3Parser.Reset();