and call it from ParseUncompressedHeader. This avoids attempts to parse
a stale buffer should SetFrame fail.
BUG=webm:1493
Change-Id: I441ae9d0db3f0a01d73902a8f5b06812e2e93422
Avoids crashes in allocators when fuzzers or maliciously
crafted streams make elements appear extremely large.
BUG=b/68352235
Change-Id: I71c293d8abdff0d188a881c4366bc09182ac32f8
The maximum recursion depth is set to 25. If that's not sufficient for
someone's needs, they're welcome to submit a patch that makes it
configurable.
This fixes a stack overflow found by AutoFuzz. The stack overflow was
caused by recursing too much. I've included the fuzzer's test cases in
the fuzzing/corpus directory. I've also created two (one for SimpleTag
and ChapterAtom each) additional test files, each comprised of 10,000
recursively nested elements. Manually running the fuzzer (with ASan and
UBSan) shows all inputs are now handled correctly, and no stack
overflows occur.
Change-Id: I8514259fd0788e71a58e3ccce2a0fb8a3523acfc
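
The depth cap described in the commit message above, shown as an added example (not libwebm code). It uses a constructed, simplified container format rather than EBML, and the names `ParseChildren`, `Parse`, `MakeNested` and `kMaxRecursionDepth` are hypothetical. Only the limit of 25 and the 10,000-level test input come from the message.

```cpp
#include <stddef.h>
#include <stdint.h>
#include <vector>

// Constructed container format for illustration (not EBML): every element is
// a 1-byte id plus a 4-byte big-endian payload size. Id 0x01 is a "master"
// whose payload holds child elements; any other id is an opaque leaf.
constexpr int kMaxRecursionDepth = 25;  // limit stated in the commit message

enum Status { kOk = 0, kTruncated = -1, kTooDeep = -2 };

// Parses the elements in buf[pos, end); `depth` is their nesting level.
Status ParseChildren(const std::vector<uint8_t>& buf, size_t pos, size_t end,
                     int depth) {
  if (depth > kMaxRecursionDepth) return kTooDeep;  // stop before the stack does
  while (pos < end) {
    if (end - pos < 5) return kTruncated;  // header does not fit
    const uint8_t id = buf[pos];
    const size_t size = (uint32_t{buf[pos + 1]} << 24) |
                        (uint32_t{buf[pos + 2]} << 16) |
                        (uint32_t{buf[pos + 3]} << 8) | uint32_t{buf[pos + 4]};
    pos += 5;
    if (size > end - pos) return kTruncated;  // child must fit inside parent
    if (id == 0x01 && size > 0) {
      const Status s = ParseChildren(buf, pos, pos + size, depth + 1);
      if (s != kOk) return s;
    }
    pos += size;
  }
  return kOk;
}

Status Parse(const std::vector<uint8_t>& buf) {
  return ParseChildren(buf, 0, buf.size(), 1);
}

// Constructed input: `levels` masters, each nested inside the previous one.
std::vector<uint8_t> MakeNested(uint32_t levels) {
  std::vector<uint8_t> out;
  for (uint32_t i = 0; i < levels; ++i) {
    const uint32_t n = 5 * (levels - 1 - i);  // bytes nested inside this one
    const uint8_t hdr[5] = {0x01, uint8_t(n >> 24), uint8_t(n >> 16),
                            uint8_t(n >> 8), uint8_t(n)};
    out.insert(out.end(), hdr, hdr + 5);
  }
  return out;
}
```

With the cap in place, the 10,000-level input is rejected after at most 26 stack frames instead of recursing once per nested element.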
- Deal with tmpnam_s() preproc issues in file_util.cc
when building with mingw-w64.
- Add stdint.h include in mkvmuxer.cc.
Change-Id: I819a27e6d805d772a6e1863982a2eeafd27b2a0d
tc * scale could overflow theoretically (as it did in a fuzzed
file). The return -1 isn't really well defined, but that'll
probably do given this is an extreme outlier case.
BUG=b/64953172
Change-Id: Id4aba673c3f85dee6ee25cc5f4b2db73b30ca8b3
Add command line for projection_type, projection_pose_{yaw,pitch,roll}.
Use a file for projection_private data to allow setting the contents
for cubemap, equirect, or mesh.
Change-Id: I45f20c68a5d01150d0fb3882ad1c587a8b9f63f2
Replace assert with a check of the pointer; this is a public function, so
it should be tolerant of invalid parameters.
BUG=webm:1415
Change-Id: I28a3a2ef905d62f11928dbbe54c119411d2b1f74
Use GetTrackByIndex() rather than GetTrackByNumber(). The former is
0-based; the latter is by track id. This loop iterates through all tracks
based on the track count.
Fixes a segfault with tracks not starting at 1 / increasing by 1.
BUG=webm:1415
Change-Id: I916328575d0871cf4090b1d123644d6f01e6ffb1
this path has been error checked since:
986b64b mkvparser: Add error checking in Block::Parse.
BUG=webm:1405
Change-Id: I1c17c05076455f25ab888555d71d7b27c032e9dd
FLT_MIN is the smallest finite value (numeric_limits::min()); -FLT_MAX is
the correct value for the most negative (numeric_limits::lowest()).
http://en.cppreference.com/w/cpp/types/numeric_limits
BUG=b/36255773
BUG=webm:1381
Change-Id: Iaaff611acffc3df28fef12af81ac5299791f0148
Users who want this feature can explicitly turn it on. Since it
involves estimating, it should be off by default.
Change-Id: I3e934169d19b68a276c21d694179350c5b315a5a
PrimaryChromaticity::Parse never owns the PrimaryChromaticity
it allocates-- avoid freeing it because doing so results in a
double free when the MasteringMetadata dtor runs.
BUG=webm:1381
Change-Id: Ief0159f6ab667234e3fdc51c65f23ef5efb32a71
EbmlElementSize for char* assumes that the varint encoding of
payload size is always 1-byte. Fix that by using the correct
number of bytes.
mkvinfo of the new gold file: http://pastebin.com/ncR7DqEf
Change-Id: I2d10708de77b2b8089900a8719ee3797dfb6994c
A target must exist before its properties can be set. Defer
libwebm target rename on windows until after creation of the
webm library target.
Change-Id: I29c5e90f1f653a00ff156316c03b0ffd78e9a998