mirror of
https://github.com/mpv-player/mpv
synced 2025-03-22 11:18:32 +00:00
ebml: warn if there are too many subelements
Seems like a good idea.
This commit is contained in:
wm4
parent
d9aaf78530
commit
c15957b43a
10
demux/ebml.c
10
demux/ebml.c
@ -420,12 +420,16 @@ static void ebml_parse_element(struct ebml_parse_ctx *ctx, void *target,
|
|||||||
if (num_elems[i] && type->fields[i].multiple) {
|
if (num_elems[i] && type->fields[i].multiple) {
|
||||||
char *ptr = s + type->fields[i].offset;
|
char *ptr = s + type->fields[i].offset;
|
||||||
switch (type->fields[i].desc->type) {
|
switch (type->fields[i].desc->type) {
|
||||||
case EBML_TYPE_SUBELEMENTS:
|
case EBML_TYPE_SUBELEMENTS: {
|
||||||
num_elems[i] = FFMIN(num_elems[i],
|
size_t max = 1000000000 / type->fields[i].desc->size;
|
||||||
1000000000 / type->fields[i].desc->size);
|
if (num_elems[i] > max) {
|
||||||
|
MP_ERR(ctx, "Too many subelements.\n");
|
||||||
|
num_elems[i] = max;
|
||||||
|
}
|
||||||
int sz = num_elems[i] * type->fields[i].desc->size;
|
int sz = num_elems[i] * type->fields[i].desc->size;
|
||||||
*(generic_struct **) ptr = talloc_zero_size(ctx->talloc_ctx, sz);
|
*(generic_struct **) ptr = talloc_zero_size(ctx->talloc_ctx, sz);
|
||||||
break;
|
break;
|
||||||
|
}
|
||||||
case EBML_TYPE_UINT:
|
case EBML_TYPE_UINT:
|
||||||
*(uint64_t **) ptr = talloc_zero_array(ctx->talloc_ctx,
|
*(uint64_t **) ptr = talloc_zero_array(ctx->talloc_ctx,
|
||||||
uint64_t, num_elems[i]);
|
uint64_t, num_elems[i]);
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user