Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in
Toggle navigation
V
vlc
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Redmine
Redmine
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Operations
Operations
Metrics
Environments
Analytics
Analytics
CI / CD
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
videolan
vlc
Commits
d7ddde73
Commit
d7ddde73
authored
Feb 23, 2015
by
Steve Lhomme
Committed by
Jean-Baptiste Kempf
Feb 23, 2015
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
better size checking of EBML elements before we read them
Signed-off-by:
Jean-Baptiste Kempf
<
jb@videolan.org
>
parent
723b35b5
Changes
3
Show whitespace changes
Inline
Side-by-side
Showing
3 changed files
with
16 additions
and
14 deletions
+16
-14
modules/demux/mkv/demux.cpp
modules/demux/mkv/demux.cpp
+1
-1
modules/demux/mkv/matroska_segment.cpp
modules/demux/mkv/matroska_segment.cpp
+8
-6
modules/demux/mkv/matroska_segment_parse.cpp
modules/demux/mkv/matroska_segment_parse.cpp
+7
-7
No files found.
modules/demux/mkv/demux.cpp
View file @
d7ddde73
...
...
@@ -519,7 +519,7 @@ matroska_stream_c *demux_sys_t::AnalyseAllSegmentsFound( demux_t *p_demux, EbmlS
// find the families of this segment
KaxInfo
*
p_info
=
static_cast
<
KaxInfo
*>
(
p_l1
);
b_keep_segment
=
b_initial
;
if
(
unlikely
(
p_info
->
GetSize
()
>=
SIZE_MAX
)
)
if
(
unlikely
(
p_info
->
IsFiniteSize
()
&&
p_info
->
GetSize
()
>=
SIZE_MAX
)
)
{
msg_Err
(
p_demux
,
"KaxInfo too big aborting"
);
break
;
...
...
modules/demux/mkv/matroska_segment.cpp
View file @
d7ddde73
...
...
@@ -139,7 +139,7 @@ void matroska_segment_c::LoadCues( KaxCues *cues )
KaxCueTime
&
ctime
=
*
(
KaxCueTime
*
)
el
;
try
{
if
(
unlikely
(
ctime
.
GetSize
()
>=
SIZE_MAX
)
)
if
(
unlikely
(
!
ctime
.
ValidateSize
()
)
)
{
msg_Err
(
&
sys
.
demuxer
,
"CueTime size too big"
);
b_invalid_cue
=
true
;
...
...
@@ -162,7 +162,7 @@ void matroska_segment_c::LoadCues( KaxCues *cues )
{
while
(
(
el
=
ep
->
Get
()
)
!=
NULL
)
{
if
(
unlikely
(
el
->
GetSize
()
>=
SIZE_MAX
)
)
if
(
unlikely
(
!
el
->
ValidateSize
()
)
)
{
ep
->
Up
();
msg_Err
(
&
sys
.
demuxer
,
"Error %s too big, aborting"
,
typeid
(
*
el
).
name
()
);
...
...
@@ -296,7 +296,7 @@ SimpleTag * matroska_segment_c::ParseSimpleTags( KaxTagSimple *tag, int target_t
{
while
(
(
el
=
ep
->
Get
()
)
!=
NULL
&&
size
<
max_size
)
{
if
(
unlikely
(
el
->
GetSize
()
>=
SIZE_MAX
)
)
if
(
unlikely
(
!
el
->
ValidateSize
()
)
)
{
msg_Err
(
&
sys
.
demuxer
,
"Error %s too big ignoring the tag"
,
typeid
(
*
el
).
name
()
);
delete
ep
;
...
...
@@ -409,7 +409,7 @@ void matroska_segment_c::LoadTags( KaxTags *tags )
{
try
{
if
(
unlikely
(
el
->
GetSize
()
>=
SIZE_MAX
)
)
if
(
unlikely
(
!
el
->
ValidateSize
()
)
)
{
msg_Err
(
&
sys
.
demuxer
,
"Invalid size while reading tag"
);
break
;
...
...
@@ -1351,7 +1351,8 @@ int matroska_segment_c::BlockGet( KaxBlock * & pp_block, KaxSimpleBlock * & pp_s
}
break
;
case
2
:
if
(
unlikely
(
el
->
GetSize
()
>=
SIZE_MAX
)
)
if
(
unlikely
(
!
el
->
ValidateSize
()
||
(
el
->
IsFiniteSize
()
&&
el
->
GetSize
()
>=
SIZE_MAX
)
)
)
{
msg_Err
(
&
sys
.
demuxer
,
"Error while reading %s... upping level"
,
typeid
(
*
el
).
name
());
ep
->
Up
();
...
...
@@ -1388,7 +1389,8 @@ int matroska_segment_c::BlockGet( KaxBlock * & pp_block, KaxSimpleBlock * & pp_s
}
break
;
case
3
:
if
(
unlikely
(
el
->
GetSize
()
>=
SIZE_MAX
)
)
if
(
unlikely
(
!
el
->
ValidateSize
()
||
(
el
->
IsFiniteSize
()
&&
el
->
GetSize
()
>=
SIZE_MAX
)
)
)
{
msg_Err
(
&
sys
.
demuxer
,
"Error while reading %s... upping level"
,
typeid
(
*
el
).
name
());
ep
->
Up
();
...
...
modules/demux/mkv/matroska_segment_parse.cpp
View file @
d7ddde73
...
...
@@ -93,7 +93,7 @@ void matroska_segment_c::ParseSeekHead( KaxSeekHead *seekhead )
{
while
(
(
l
=
ep
->
Get
()
)
!=
NULL
)
{
if
(
unlikely
(
l
->
GetSize
()
>=
SIZE_MAX
)
)
if
(
unlikely
(
!
l
->
ValidateSize
()
)
)
{
msg_Err
(
&
sys
.
demuxer
,
"%s too big... skipping it"
,
typeid
(
*
l
).
name
()
);
continue
;
...
...
@@ -745,7 +745,7 @@ void matroska_segment_c::ParseTracks( KaxTracks *tracks )
int
i_upper_level
=
0
;
/* Master elements */
if
(
unlikely
(
tracks
->
GetSize
()
>=
SIZE_MAX
)
)
if
(
unlikely
(
tracks
->
IsFiniteSize
()
&&
tracks
->
GetSize
()
>=
SIZE_MAX
)
)
{
msg_Err
(
&
sys
.
demuxer
,
"Track too big, aborting"
);
return
;
...
...
@@ -786,7 +786,7 @@ void matroska_segment_c::ParseInfo( KaxInfo *info )
/* Master elements */
m
=
static_cast
<
EbmlMaster
*>
(
info
);
if
(
unlikely
(
m
->
GetSize
()
>=
SIZE_MAX
)
)
if
(
unlikely
(
m
->
IsFiniteSize
()
&&
m
->
GetSize
()
>=
SIZE_MAX
)
)
{
msg_Err
(
&
sys
.
demuxer
,
"Info too big, aborting"
);
return
;
...
...
@@ -914,7 +914,7 @@ void matroska_segment_c::ParseInfo( KaxInfo *info )
KaxChapterTranslate
*
p_trans
=
static_cast
<
KaxChapterTranslate
*>
(
l
);
try
{
if
(
unlikely
(
p_trans
->
GetSize
()
>=
SIZE_MAX
)
)
if
(
unlikely
(
p_trans
->
IsFiniteSize
()
&&
p_trans
->
GetSize
()
>=
SIZE_MAX
)
)
{
msg_Err
(
&
sys
.
demuxer
,
"Chapter translate too big, aborting"
);
continue
;
...
...
@@ -1108,7 +1108,7 @@ void matroska_segment_c::ParseAttachments( KaxAttachments *attachments )
EbmlElement
*
el
;
int
i_upper_level
=
0
;
if
(
unlikely
(
attachments
->
GetSize
()
>=
SIZE_MAX
)
)
if
(
unlikely
(
attachments
->
IsFiniteSize
()
&&
attachments
->
GetSize
()
>=
SIZE_MAX
)
)
{
msg_Err
(
&
sys
.
demuxer
,
"Attachments too big, aborting"
);
return
;
...
...
@@ -1171,7 +1171,7 @@ void matroska_segment_c::ParseChapters( KaxChapters *chapters )
int
i_upper_level
=
0
;
/* Master elements */
if
(
unlikely
(
chapters
->
GetSize
()
>=
SIZE_MAX
)
)
if
(
unlikely
(
chapters
->
IsFiniteSize
()
&&
chapters
->
GetSize
()
>=
SIZE_MAX
)
)
{
msg_Err
(
&
sys
.
demuxer
,
"Chapters too big, aborting"
);
return
;
...
...
@@ -1245,7 +1245,7 @@ void matroska_segment_c::ParseCluster( KaxCluster *cluster, bool b_update_start_
/* Master elements */
m
=
static_cast
<
EbmlMaster
*>
(
cluster
);
if
(
unlikely
(
m
->
GetSize
()
>=
SIZE_MAX
)
)
if
(
unlikely
(
m
->
IsFiniteSize
()
&&
m
->
GetSize
()
>=
SIZE_MAX
)
)
{
msg_Err
(
&
sys
.
demuxer
,
"Cluster too big, aborting"
);
return
;
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment