From 3533ee3ae4b4dc2727dd499081d9edda55925749 Mon Sep 17 00:00:00 2001 From: wm4 Date: Thu, 28 Mar 2013 00:00:39 +0100 Subject: [PATCH] demux_mkv: fix skipping broken header elements Fixes test4.mkv from the Matroska test file collection. demux_mkv_open() contains a loop that reads header elements. It starts by reading the EBML element ID with ebml_read_id(). If there is broken data in the header, ebml_read_id() might return EBML_ID_INVALID. However, that is not handled specially, and the code for handling unknown tags is invoked. This reads the EBML element length in order to skip data, which, if the EBML ID is broken, is entirely random. This caused a seek beyond the end of the file, making the demuxer fail. So don't skip any data if the EBML ID was invalid, and simply try to read the next element. ebml_read_id() reads at least one byte, so the parsing loop won't get stuck. All in all this is rather questionable, but since this affects error situations only, makes behavior a bit more robust (no random seeks), and actually fixes at least one sample, it's ok. libavformat's demuxer handled this. --- demux/demux_mkv.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/demux/demux_mkv.c b/demux/demux_mkv.c index 1e9a61806e..6d9ace28b6 100644 --- a/demux/demux_mkv.c +++ b/demux/demux_mkv.c @@ -1066,7 +1066,7 @@ static int read_header_element(struct demuxer *demuxer, uint32_t id, default: res = 2; } - if (!at_filepos) + if (!at_filepos && id != EBML_ID_INVALID) ebml_read_skip(s, NULL); return res; }