Fix block parsing to not allow frame_size = 0

Fixed block parsing to account for cases that would
allow frame_size = 0, only to be rejected later on by the
Block::GetFrame assert(f.len > 0);

Change-Id: Idb93388b37e1963ec6115ac49f15e4951bc2c724
Leonel Togniolli 2015-04-18 23:06:13 +01:00 committed by James Zern
parent 2cb6a28b09
commit fe1e9bba6e


@ -6924,7 +6924,7 @@ long Block::Parse(const Cluster* pCluster) {
const long long frame_size = stop - pos; const long long frame_size = stop - pos;
if (frame_size > LONG_MAX) if (frame_size > LONG_MAX || frame_size <= 0)
return E_FILE_FORMAT_INVALID; return E_FILE_FORMAT_INVALID;
f.len = static_cast<long>(frame_size); f.len = static_cast<long>(frame_size);
@ -6984,6 +6984,9 @@ long Block::Parse(const Cluster* pCluster) {
f.pos = 0; // patch later f.pos = 0; // patch later
if (frame_size <= 0)
return E_FILE_FORMAT_INVALID;
f.len = frame_size; f.len = frame_size;
size += frame_size; // contribution of this frame size += frame_size; // contribution of this frame
@ -7008,7 +7011,7 @@ long Block::Parse(const Cluster* pCluster) {
const long long frame_size = total_size - size; const long long frame_size = total_size - size;
if (frame_size > LONG_MAX) if (frame_size > LONG_MAX || frame_size <= 0)
return E_FILE_FORMAT_INVALID; return E_FILE_FORMAT_INVALID;
f.len = static_cast<long>(frame_size); f.len = static_cast<long>(frame_size);
@ -7025,6 +7028,9 @@ long Block::Parse(const Cluster* pCluster) {
assert(pos == stop); assert(pos == stop);
} else if (lacing == 2) { // fixed-size lacing } else if (lacing == 2) { // fixed-size lacing
if (pos >= stop)
return E_FILE_FORMAT_INVALID;
const long long total_size = stop - pos; const long long total_size = stop - pos;
if ((total_size % m_frame_count) != 0) if ((total_size % m_frame_count) != 0)
@ -7032,7 +7038,7 @@ long Block::Parse(const Cluster* pCluster) {
const long long frame_size = total_size / m_frame_count; const long long frame_size = total_size / m_frame_count;
if (frame_size > LONG_MAX) if (frame_size > LONG_MAX || frame_size <= 0)
return E_FILE_FORMAT_INVALID; return E_FILE_FORMAT_INVALID;
Frame* pf = m_frames; Frame* pf = m_frames;
@ -7061,7 +7067,7 @@ long Block::Parse(const Cluster* pCluster) {
long long frame_size = ReadUInt(pReader, pos, len); long long frame_size = ReadUInt(pReader, pos, len);
if (frame_size < 0) if (frame_size <= 0)
return E_FILE_FORMAT_INVALID; return E_FILE_FORMAT_INVALID;
if (frame_size > LONG_MAX) if (frame_size > LONG_MAX)
@ -7123,7 +7129,7 @@ long Block::Parse(const Cluster* pCluster) {
frame_size += delta_size; frame_size += delta_size;
if (frame_size < 0) if (frame_size <= 0)
return E_FILE_FORMAT_INVALID; return E_FILE_FORMAT_INVALID;
if (frame_size > LONG_MAX) if (frame_size > LONG_MAX)
@ -7158,7 +7164,7 @@ long Block::Parse(const Cluster* pCluster) {
frame_size = total_size - size; frame_size = total_size - size;
if (frame_size > LONG_MAX) if (frame_size > LONG_MAX || frame_size <= 0)
return E_FILE_FORMAT_INVALID; return E_FILE_FORMAT_INVALID;
curr.len = static_cast<long>(frame_size); curr.len = static_cast<long>(frame_size);