Commit b648c469 authored by Steve Lhomme's avatar Steve Lhomme

contrib:ebml: fix the loop exit when bogus data are found

parent 64f1615a
From b66ca475be967547af9a3784e720fbbacd381be6 Mon Sep 17 00:00:00 2001
From: Steve Lhomme <slhomme@matroska.org>
Date: Mon, 22 Jan 2018 15:42:53 +0100
Subject: [PATCH] Exit the max size loop when there's nothing left possible to
find
DataStream.getFilePointer() is not correct in this context. It might force to
exit too early.
---
src/EbmlElement.cpp | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/EbmlElement.cpp b/src/EbmlElement.cpp
index ac0be41..061074b 100644
--- a/src/EbmlElement.cpp
+++ b/src/EbmlElement.cpp
@@ -478,7 +478,7 @@ EbmlElement * EbmlElement::FindNextElement(IOCallback & DataStream, const EbmlSe
ReadIndex = SizeIdx - 1;
memmove(&PossibleIdNSize[0], &PossibleIdNSize[1], ReadIndex);
UpperLevel = UpperLevel_original;
- } while ( MaxDataSize > DataStream.getFilePointer() - SizeIdx + PossibleID_Length );
+ } while ( MaxDataSize >= ReadSize );
return NULL;
}
--
2.10.1.windows.1
......@@ -16,6 +16,7 @@ ebml: libebml-$(EBML_VERSION).tar.xz .sum-ebml
$(UNPACK)
$(APPLY) $(SRC)/ebml/ebml-maxread.patch
$(APPLY) $(SRC)/ebml/unknown-check.patch
$(APPLY) $(SRC)/ebml/max-size-loop.patch
$(MOVE)
# libebml requires exceptions
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment