rpms
/
libmatroska
20
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'epel8'
${ noResults }
libmatroska/libmatroska-memory.patch

54 lines
2.3 KiB
Raw Permalink Blame History

diff -ruwbBd libmatroska-1.5.0/src/KaxBlock.cpp libmatroska-1.5.1/src/KaxBlock.cpp
--- libmatroska-1.5.0/src/KaxBlock.cpp 2019-03-12 20:54:34.000000000 +0100
+++ libmatroska-1.5.1/src/KaxBlock.cpp 2019-05-25 12:16:54.000000000 +0200
@@ -628,11 +628,12 @@
// put all Frames in the list
if (mLacing != LACING_NONE) {
// read the number of frames in the lace
- uint32 LastBufferSize = GetSize() - BlockHeadSize - 1; // 1 for number of frame
+ const uint32 TotalLacedSize = GetSize() - BlockHeadSize - 1; // 1 for number of frame
+ uint32 LastBufferSize = TotalLacedSize;
uint8 FrameNum = _TempHead[0]; // number of frames in the lace - 1
// read the list of frame sizes
uint8 Index;
- int32 FrameSize;
+ uint32 FrameSize;
uint32 SizeRead;
uint64 SizeUnknown;
@@ -646,6 +647,8 @@
do {
Result += input.read(_TempHead, 1);
FrameSize += uint8(_TempHead[0]);
+ if (FrameSize > TotalLacedSize)
+ throw SafeReadIOCallback::EndOfStreamX(0);
LastBufferSize--;
FirstFrameLocation++;
@@ -662,6 +665,8 @@
cursor = _tmpBuf = new binary[FrameNum*4]; /// \warning assume the mean size will be coded in less than 4 bytes
Result += input.read(cursor, FrameNum*4);
FrameSize = ReadCodedSizeValue(cursor, SizeRead, SizeUnknown);
+ if (FrameSize > TotalLacedSize)
+ throw SafeReadIOCallback::EndOfStreamX(0);
SizeList[0] = FrameSize;
cursor += SizeRead;
LastBufferSize -= FrameSize + SizeRead;
@@ -670,6 +675,8 @@
// get the size of the frame
SizeRead = LastBufferSize;
FrameSize += ReadCodedSizeSignedValue(cursor, SizeRead, SizeUnknown);
+ if (FrameSize > TotalLacedSize)
+ throw SafeReadIOCallback::EndOfStreamX(0);
SizeList[Index] = FrameSize;
cursor += SizeRead;
LastBufferSize -= FrameSize + SizeRead;
@@ -703,7 +710,6 @@
} catch (SafeReadIOCallback::EndOfStreamX &) {
SetValueIsSet(false);
- std::memset(EbmlBinary::GetBuffer(), 0, GetSize());
myBuffers.clear();
SizeList.clear();
Timecode = 0;
Reference in new issue View Git Blame Copy Permalink