vlc | branch: master | Francois Cartegnie <fcvlc...@free.fr> | Mon Nov 25 18:13:09 2013 +0100| [2ca8c9db8064dcb8b9c683ec9b160464f6f3580e] | committer: Francois Cartegnie
demux: asf: enforce root object boundary (fix #9441) Seems some encoder reuses previous memory area for junk sections. > http://git.videolan.org/gitweb.cgi/vlc.git/?a=commit;h=2ca8c9db8064dcb8b9c683ec9b160464f6f3580e
---
 modules/demux/asf/libasf.c | 28 +++++++++++++++++++++++-----
 1 file changed, 23 insertions(+), 5 deletions(-)
diff --git a/modules/demux/asf/libasf.c b/modules/demux/asf/libasf.c
index 8232656..08e56a7 100644
--- a/modules/demux/asf/libasf.c
+++ b/modules/demux/asf/libasf.c
@@ -141,9 +141,16 @@ static int ASF_ReadObjectCommon( stream_t *s, asf_object_t *p_obj )
 return VLC_SUCCESS;
 }
-static int ASF_NextObject( stream_t *s, asf_object_t *p_obj )
+static int ASF_NextObject( stream_t *s, asf_object_t *p_obj, uint64_t i_boundary )
 {
 asf_object_t obj;
+
+ int64_t i_pos = stream_Tell( s );
+ if ( i_boundary && i_pos >= 0 && (uint64_t) i_pos >= i_boundary )
+ {
+ return VLC_EGENERIC;
+ }
+
 if( p_obj == NULL )
 {
 if( ASF_ReadObjectCommon( s, &obj ) )
@@ -213,7 +220,7 @@ static int ASF_ReadObject_Header( stream_t *s, asf_object_t *p_obj )
 free( p_subobj );
 break;
 }
- if( ASF_NextObject( s, p_subobj ) ) /* Go to the next object */
+ if( ASF_NextObject( s, p_subobj, 0 ) ) /* Go to the next object */
 break;
 }
 return VLC_SUCCESS;
@@ -505,7 +512,7 @@ static int ASF_ReadObject_header_extension( stream_t *s, asf_object_t *p_obj )
 break;
 }
- if( ASF_NextObject( s, p_obj ) ) /* Go to the next object */
+ if( ASF_NextObject( s, p_obj, 0 ) ) /* Go to the next object */
 {
 break;
 }
@@ -1603,6 +1610,7 @@ asf_object_root_t *ASF_ReadObjectRoot( stream_t *s, int b_seekable )
 {
 asf_object_root_t *p_root = malloc( sizeof( asf_object_root_t ) );
 asf_object_t *p_obj;
+ uint64_t i_boundary = 0;
 if( !p_root ) return NULL;
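Review bot: The boundary guard added at the top of ASF_NextObject fails open and tests the current read position only: a negative `stream_Tell()` result skips the comparison entirely, and nothing in the hunk compares the end of the object being skipped (its start plus its declared size) with `i_boundary`. Object sizes come from the file, so an object that starts below the boundary but declares a size reaching past it would presumably still be followed by the seek, which sits outside this hunk along with the rest of the function body. Consider treating a failed tell as an error, `if ( i_pos < 0 ) return VLC_EGENERIC;`, and bounding the seek target as well. The new parameter also needs a comment such as `/* i_boundary: absolute stream offset at which root parsing stops; 0 means no limit */`, because the two sub-object callers pass a bare `0`.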
@@ -1632,12 +1640,15 @@ asf_object_root_t *ASF_ReadObjectRoot( stream_t *s, int b_seekable )
 switch( p_obj->common.i_type )
 {
 case( ASF_OBJECT_HEADER ):
+ if ( p_root->p_index || p_root->p_data || p_root->p_hdr ) break;
 p_root->p_hdr = (asf_object_header_t*)p_obj;
 break;
 case( ASF_OBJECT_DATA ):
+ if ( p_root->p_index || p_root->p_data ) break;
 p_root->p_data = (asf_object_data_t*)p_obj;
- break;
+ break;
 case( ASF_OBJECT_INDEX ):
+ if ( p_root->p_index ) break;
 p_root->p_index = (asf_object_index_t*)p_obj;
 break;
 default:
@@ -1645,6 +1656,13 @@ asf_object_root_t *ASF_ReadObjectRoot( stream_t *s, int b_seekable )
 GUID_PRINT( p_obj->common.i_object_id ) );
 break;
 }
+
+ /* Set a limit to avoid junk when possible */
+ if ( !guidcmp( &p_obj->common.i_object_id, &asf_object_file_properties_guid ) )
+ {
+ i_boundary = p_obj->file_properties.i_file_size;
+ }
+
 if( p_obj->common.i_type == ASF_OBJECT_DATA && p_obj->common.i_object_size <= 50 )
 {
@@ -1657,7 +1675,7 @@ asf_object_root_t *ASF_ReadObjectRoot( stream_t *s, int b_seekable )
 break;
 }
- if( ASF_NextObject( s, p_obj ) ) /* Go to the next object */
+ if( ASF_NextObject( s, p_obj, i_boundary ) ) /* Go to the next object */
 break;
 }
_______________________________________________ vlc-commits mailing list vlc-commits@videolan.org https://mailman.videolan.org/listinfo/vlc-commits
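Review bot: The three `if ( ... ) break;` guards in the switch drop a repeated or out-of-order header, data or index object without any trace, and written on one line the `break` can be misread as leaving the enclosing loop when it only leaves the case. A comment above the switch such as `/* keep only the first header, data and index, in that order; later ones are treated as junk */`, plus a debug message on the skipped path, would make rejected objects visible when triaging a malformed file. The hunk also carries a whitespace-only change to the `break;` after the data case, which is better kept out of a fix commit. The switch and its loop begin outside the hunk.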
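Review bot: `i_boundary` is copied straight from `file_properties.i_file_size`, a field the file itself supplies, so the limit is only as trustworthy as the input: a value of 0 leaves the check in ASF_NextObject disabled and an oversized value makes it a no-op. Where the real stream length is known, clamping the declared size to it before the assignment would be safer, and the comment should say so, e.g. `/* Limit comes from the file's own File Properties size: filters trailing junk, not a trusted bound */`. It is also worth confirming that the GUID test can match at this point, since this loop appears to walk root-level objects and the File Properties object normally sits inside the Header object. The enclosing loop starts and ends outside the hunk.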