diff options
Diffstat (limited to 'libavformat')
-rw-r--r-- | libavformat/matroskadec.c | 28 |
1 files changed, 22 insertions, 6 deletions
diff --git a/libavformat/matroskadec.c b/libavformat/matroskadec.c index 2485d8edf4..26a1d702a4 100644 --- a/libavformat/matroskadec.c +++ b/libavformat/matroskadec.c @@ -1169,6 +1169,8 @@ static int ebml_parse(MatroskaDemuxContext *matroska, EbmlSyntax *syntax, void *data) { static const uint64_t max_lengths[EBML_TYPE_COUNT] = { + // Forbid unknown-length EBML_NONE elements. + [EBML_NONE] = EBML_UNKNOWN_LENGTH - 1, [EBML_UINT] = 8, [EBML_SINT] = 8, [EBML_FLOAT] = 8, @@ -1253,12 +1255,6 @@ static int ebml_parse(MatroskaDemuxContext *matroska, matroska->current_id = 0; if ((res = ebml_read_length(matroska, pb, &length)) < 0) return res; - if (max_lengths[syntax->type] && length > max_lengths[syntax->type]) { - av_log(matroska->ctx, AV_LOG_ERROR, - "Invalid length 0x%"PRIx64" > 0x%"PRIx64" for syntax element %i\n", - length, max_lengths[syntax->type], syntax->type); - return AVERROR_INVALIDDATA; - } pos_alt += res; @@ -1297,6 +1293,26 @@ static int ebml_parse(MatroskaDemuxContext *matroska, } else level_check = 0; + if (max_lengths[syntax->type] && length > max_lengths[syntax->type]) { + if (length != EBML_UNKNOWN_LENGTH) { + av_log(matroska->ctx, AV_LOG_ERROR, + "Invalid length 0x%"PRIx64" > 0x%"PRIx64" for element " + "with ID 0x%"PRIX32" at 0x%"PRIx64"\n", + length, max_lengths[syntax->type], id, pos); + } else if (syntax->type != EBML_NONE) { + av_log(matroska->ctx, AV_LOG_ERROR, + "Element with ID 0x%"PRIX32" at pos. 0x%"PRIx64" has " + "unknown length, yet the length of an element of its " + "type must be known.\n", id, pos); + } else { + av_log(matroska->ctx, AV_LOG_ERROR, + "Found unknown-length element with ID 0x%"PRIX32" at " + "pos. 0x%"PRIx64" for which no syntax for parsing is " + "available.\n", id, pos); + } + return AVERROR_INVALIDDATA; + } + if (!(pb->seekable & AVIO_SEEKABLE_NORMAL)) { // Loosing sync will likely manifest itself as encountering unknown // elements which are not reliably distinguishable from elements |