From eb33be188d2acb99e8f0f6a5cb45c931ed947cd0 Mon Sep 17 00:00:00 2001 From: Andreas Rheinhardt Date: Sat, 6 Jul 2019 18:59:22 +0200 Subject: matroskadec: Fix overflow introduced in a569a7b3 This commit fixes an overflow introduced in a569a7b3 that affected EBML elements that the Matroska demuxer doesn't want to parse like CRC-32 elements. The return value of avio_skip (the new position on success or an AVERROR on failure) has been assigned to an integer which meant that new positions in the range of 2GB to 4GB-1 etc. were considered errors. Fixes ticket #8001. Signed-off-by: Andreas Rheinhardt Signed-off-by: James Almer --- libavformat/matroskadec.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) (limited to 'libavformat/matroskadec.c') diff --git a/libavformat/matroskadec.c b/libavformat/matroskadec.c index bc73bfed11..4d7076fa26 100644 --- a/libavformat/matroskadec.c +++ b/libavformat/matroskadec.c @@ -1259,12 +1259,13 @@ static int ebml_parse_elem(MatroskaDemuxContext *matroska, return 1; default: if (length) { + int64_t res2; if (ffio_limit(pb, length) != length) { // ffio_limit emits its own error message, // so we don't have to. return AVERROR(EIO); } - if ((res = avio_skip(pb, length - 1)) >= 0) { + if ((res2 = avio_skip(pb, length - 1)) >= 0) { // avio_skip might take us past EOF. We check for this // by skipping only length - 1 bytes, reading a byte and // checking the error flags. This is done in order to check @@ -1272,7 +1273,8 @@ static int ebml_parse_elem(MatroskaDemuxContext *matroska, // no filesize (that ffio_limit relies on) is available. avio_r8(pb); res = NEEDS_CHECKING; - } + } else + res = res2; } else res = 0; } -- cgit v1.2.3