generic-library/webm
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Fix incremental parsing in CreateInstance

Browse Source 
- Segment::CreateInstance was treating the available data as EOF
  and returning errors.
- Added a check for potential underflow if the segment was not the
  first element after the EBML header.

Change-Id: I481bf0eea71eeb3def3bf54ec251be0b2ae13536
This commit is contained in:
Frank Galligan
2012-09-12 17:56:48 -07:00
parent 07ac1947f0
commit 537da82f37
1 changed files with 10 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
mkvparser.cpp
View File

@@ -747,9 +747,6 @@ long long Segment::CreateInstance(
if ((total >= 0) && (available > total)) if ((total >= 0) && (available > total))
return -1; return -1;
const long long end = (total >= 0) ? total : available;
//TODO: this might need to be liberalized
//I would assume that in practice this loop would execute //I would assume that in practice this loop would execute
//exactly once, but we allow for other elements (e.g. Void) //exactly once, but we allow for other elements (e.g. Void)
//to immediately follow the EBML header. This is fine for //to immediately follow the EBML header. This is fine for
@@ -767,17 +764,19 @@ long long Segment::CreateInstance(
//which a slightly different sense from "try to parse up to //which a slightly different sense from "try to parse up to
//10 EMBL elements before giving up". //10 EMBL elements before giving up".
while (pos < end) for (;;)
{ {
//Read ID if ((total >= 0) && (pos >= total))
return E_FILE_FORMAT_INVALID;
//Read ID
long len; long len;
long long result = GetUIntLength(pReader, pos, len); long long result = GetUIntLength(pReader, pos, len);
if (result) //error, or too few available bytes if (result) //error, or too few available bytes
return result; return result;
if ((pos + len) > end) if ((total >= 0) && ((pos + len) > total))
return E_FILE_FORMAT_INVALID; return E_FILE_FORMAT_INVALID;
if ((pos + len) > available) if ((pos + len) > available)
@@ -798,7 +797,7 @@ long long Segment::CreateInstance(
if (result) //error, or too few available bytes if (result) //error, or too few available bytes
return result; return result;
if ((pos + len) > end) if ((total >= 0) && ((pos + len) > total))
return E_FILE_FORMAT_INVALID; return E_FILE_FORMAT_INVALID;
if ((pos + len) > available) if ((pos + len) > available)
@@ -843,14 +842,14 @@ long long Segment::CreateInstance(
if (size == unknown_size) if (size == unknown_size)
return E_FILE_FORMAT_INVALID; return E_FILE_FORMAT_INVALID;
if ((pos + size) > end) if ((total >= 0) && ((pos + size) > total))
return E_FILE_FORMAT_INVALID; return E_FILE_FORMAT_INVALID;
if ((pos + size) > available)
return pos + size;
pos += size; //consume payload pos += size; //consume payload
} }
return E_FILE_FORMAT_INVALID; //there is no segment
//TODO: this might need to be liberalized. See comments above.
} }