From c0d2c9852bf452b85fdc98755f02ed13b4dc7cad Mon Sep 17 00:00:00 2001
From: James Zern
Date: Mon, 24 Aug 2015 16:48:22 -0700
Subject: [PATCH 1/2] UnserializeFloat: check result for Inf/NaN

fail in either case

BUG=23488728
Change-Id: I1e65f30ff1cf857a5d1eb4bdedc3f842423cf15f
---
 mkvparser.cpp | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/mkvparser.cpp b/mkvparser.cpp
index 4bab5f5..157ead6 100644
--- a/mkvparser.cpp
+++ b/mkvparser.cpp
@@ -11,6 +11,7 @@
 #include
 #include
 #include
+#include
 
 #ifdef _MSC_VER
 // Disable MSVC warnings that suggest making code non-portable.
@@ -206,6 +207,9 @@ long mkvparser::UnserializeFloat(IMkvReader* pReader, long long pos,
 result = d;
 }
 
+ if (std::isinf(result) || std::isnan(result))
+ return E_FILE_FORMAT_INVALID;
+
 return 0;
 }

From 6b4b297220598a29425abbe8c0a55d16cb78e294 Mon Sep 17 00:00:00 2001
From: James Zern
Date: Mon, 24 Aug 2015 17:00:34 -0700
Subject: [PATCH 2/2] Block::Parse: use int64 to aggregate laced frame sizes

this is compared against a final total which is also int64

BUG=23488728
Change-Id: Ie4318152f9f9ae049a35d0b2724ccad129316981
---
 mkvparser.cpp | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/mkvparser.cpp b/mkvparser.cpp
index 157ead6..8128bc6 100644
--- a/mkvparser.cpp
+++ b/mkvparser.cpp
@@ -7369,7 +7369,7 @@ long Block::Parse(const Cluster* pCluster) {
 Frame* pf = m_frames;
 Frame* const pf_end = pf + m_frame_count;
 
- long size = 0;
+ long long size = 0;
 int frame_count = m_frame_count;
 
 while (frame_count > 1) {
@@ -7492,7 +7492,7 @@ long Block::Parse(const Cluster* pCluster) {
 if (pos >= stop)
 return E_FILE_FORMAT_INVALID;
 
- long size = 0;
+ long long size = 0;
 int frame_count = m_frame_count;
 
 long long frame_size = ReadUInt(pReader, pos, len);
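Review bot: The Inf/NaN rejection runs after `result = d;` has already stored the value, so on the error path `result` (which looks like an out-parameter; the signature is cut at the hunk header, so this is inferred) still holds the non-finite value and any caller that does not check the return code consumes it. Clearing the output on failure keeps the error path from leaking a value the parser has just declared invalid, and a single `std::isfinite` covers both cases the two-call condition tests: `if (!std::isfinite(result)) {` / `result = 0.0;` / `return E_FILE_FORMAT_INVALID;` followed by the closing brace. UnserializeFloat's body begins outside the hunk, so if there is an earlier assignment path (for example a 4-byte float branch) it would be worth confirming that this check sits after every such assignment, as it does for the `double` branch shown.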
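Review bot: Widening `size` to `long long` removes the 32-bit wrap on targets where `long` is 32 bits, but the additions that feed the accumulator lie outside this hunk, and a signed 64-bit sum of file-controlled `frame_size` values can still overflow (undefined behaviour) unless each addend is bounded before it is added. If the loop body does not already do so, a per-step check that `frame_size` is non-negative and that `size + frame_size` stays within the block's remaining bytes (the `pos`/`stop` pair visible in the second hunk suggests the bound is available) would make the later comparison against the final total reliable rather than merely wider. The same point applies to the second hunk at line 7492, where `frame_size` comes straight from `ReadUInt` on the line after the changed declaration. Block::Parse starts before and ends after both hunks, so the summation sites themselves are not visible here.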