RepoMirrors
/
mpv
mirror of https://github.com/mpv-player/mpv
1
0
Fork 0
Code Issues Releases Wiki Activity

demux_mkv: fix a hang with invalid files 

ebml_read_length() could return a negative value (as uint64_t though)
at EOF, and this would then make ebml_read_skip() seek backwards. This
could lead to an infinite loop at EOF with corrupt files. Add an extra
check to make ebml_read_length() return EBML_UINT_INVALID instead if
EOF is hit in the middle of parsing.
This commit is contained in:
Uoti Urpala 2012-10-29 19:58:35 +02:00 committed by wm4
parent c5eeac6654
commit 02daf37328
1 changed files with 2 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
libmpdemux/ebml.c
View File

@ -130,6 +130,8 @@ uint64_t ebml_read_length(stream_t *s, int *length)
}
if (j == num_ffs)
return EBML_UINT_INVALID;
if (len >= 1ULL<<63) // Can happen if stream_read_char returns EOF
return EBML_UINT_INVALID;
return len;
}