From fe1e9bba6ebcc5bdaa2fc6e8ea90dba11dd51ef0 Mon Sep 17 00:00:00 2001
From: Leonel Togniolli
Date: Sat, 18 Apr 2015 23:06:13 +0100
Subject: [PATCH] Fix block parsing to not allow frame_size = 0

Fixed block parsing to account to cases that would allow frame_size = 0, only to be rejected later on Block::GetFrame assert(f.len > 0);

Change-Id: Idb93388b37e1963ec6115ac49f15e4951bc2c724
---
 mkvparser.cpp | 18 ++++++++++++------
 1 file changed, 12 insertions(+), 6 deletions(-)

diff --git a/mkvparser.cpp b/mkvparser.cpp
index b78f998..609a46b 100644
--- a/mkvparser.cpp
+++ b/mkvparser.cpp
@@ -6924,7 +6924,7 @@ long Block::Parse(const Cluster* pCluster) {
 const long long frame_size = stop - pos;
- if (frame_size > LONG_MAX)
+ if (frame_size > LONG_MAX || frame_size <= 0)
 return E_FILE_FORMAT_INVALID;
 f.len = static_cast(frame_size);
@@ -6984,6 +6984,9 @@ long Block::Parse(const Cluster* pCluster) {
 f.pos = 0; // patch later
+ if (frame_size <= 0)
+ return E_FILE_FORMAT_INVALID;
+
 f.len = frame_size;
 size += frame_size; // contribution of this frame
@@ -7008,7 +7011,7 @@ long Block::Parse(const Cluster* pCluster) {
 const long long frame_size = total_size - size;
- if (frame_size > LONG_MAX)
+ if (frame_size > LONG_MAX || frame_size <= 0)
 return E_FILE_FORMAT_INVALID;
 f.len = static_cast(frame_size);
@@ -7025,6 +7028,9 @@ long Block::Parse(const Cluster* pCluster) {
 assert(pos == stop);
 } else if (lacing == 2) { // fixed-size lacing
+ if (pos >= stop)
+ return E_FILE_FORMAT_INVALID;
+
 const long long total_size = stop - pos;
 if ((total_size % m_frame_count) != 0)
@@ -7032,7 +7038,7 @@ long Block::Parse(const Cluster* pCluster) {
 const long long frame_size = total_size / m_frame_count;
- if (frame_size > LONG_MAX)
+ if (frame_size > LONG_MAX || frame_size <= 0)
 return E_FILE_FORMAT_INVALID;
 Frame* pf = m_frames;
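Review bot: The predicate `frame_size > LONG_MAX || frame_size <= 0` is now repeated in this hunk and in the hunks at -7008, -7032 and -7158, with the bare `frame_size <= 0` form at -6984, -7061 and -7123, yet none of the eight sites says why a zero-length frame is a format error. A file-local helper would keep the invariant in one place, e.g. `static bool IsValidFrameSize(long long frame_size) { return frame_size > 0 && frame_size <= LONG_MAX; }`, with the comment `// Block::GetFrame asserts f.len > 0, so an empty frame is rejected here rather than there.` at its definition. Note also that on LP64 targets `long` and `long long` have the same width, so the `> LONG_MAX` half of the condition cannot fire there; at this site the meaningful bound comes from `frame_size` being `stop - pos` on the line above, and that is worth stating in a comment so the LONG_MAX test is not mistaken for a payload-size check. Block::Parse begins and ends outside this hunk.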
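Review bot: The new `if (pos >= stop)` guard in the fixed-size-lacing hunk (-7025) makes `total_size` strictly positive, but the `total_size % m_frame_count` test two lines below and the division in the next hunk (-7032) still rely on `m_frame_count` being at least 1, and nothing in this hunk establishes that; if it is set from the lace-count byte earlier in Block::Parse (outside the hunk), a comment such as `// m_frame_count >= 1 (lace header parsed above), so the modulo and division below are safe.` would make the dependency explicit. With that guard and the divisibility check in place, `total_size / m_frame_count` is at least 1 for any positive `m_frame_count`, so the `frame_size <= 0` added at -7032 cannot be reached on that path; keeping it as a defensive check is reasonable, but a note like `// defensive: cannot be 0 once pos < stop and the modulo check passed` saves the next reader from hunting for the input that triggers it. The else-if body continues past the end of this hunk.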
@@ -7061,7 +7067,7 @@ long Block::Parse(const Cluster* pCluster) {
 long long frame_size = ReadUInt(pReader, pos, len);
- if (frame_size < 0)
+ if (frame_size <= 0)
 return E_FILE_FORMAT_INVALID;
 if (frame_size > LONG_MAX)
@@ -7123,7 +7129,7 @@ long Block::Parse(const Cluster* pCluster) {
 frame_size += delta_size;
- if (frame_size < 0)
+ if (frame_size <= 0)
 return E_FILE_FORMAT_INVALID;
 if (frame_size > LONG_MAX)
@@ -7158,7 +7164,7 @@ long Block::Parse(const Cluster* pCluster) {
 frame_size = total_size - size;
- if (frame_size > LONG_MAX)
+ if (frame_size > LONG_MAX || frame_size <= 0)
 return E_FILE_FORMAT_INVALID;
 curr.len = static_cast(frame_size);
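Review bot: The two EBML-lacing sites in this hunk and at -7123 keep the lower and upper bounds as separate statements (`if (frame_size <= 0)` followed by `if (frame_size > LONG_MAX)`), whereas every other site touched by this commit folds them into one condition; for uniformity these could read `if (frame_size <= 0 || frame_size > LONG_MAX) return E_FILE_FORMAT_INVALID;`. Since `ReadUInt` appears to signal a read failure with a negative value (the old test was `< 0`), the widened `<= 0` test no longer distinguishes a read error from a declared zero-length frame — both map to `E_FILE_FORMAT_INVALID`, which looks intended, but a comment such as `// negative: read error; zero: empty frame, which Block::GetFrame asserts against` would record that. The final-frame check at -7158 now also rejects a running `size` that has overrun `total_size`; if the loop does not bound `size` against `total_size` as each frame is accumulated (not visible here), an overrun is detected only after every lace entry has been read, which is correct but later than necessary. The surrounding loop and Block::Parse extend beyond the hunk.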