Re: [FFmpeg-devel] [PATCH] avformat/matroskadec: Check parents remaining length

Thu, 21 Feb 2019 14:31:37 -0800 

One of our test clips is behaving differently after this patch:
https://cs.chromium.org/chromium/src/media/test/data/bear-320x240-live.webm

The printed log message is:
[matroska,webm @ 0x1516c84f4e00] Invalid length 0xffffffffffffff >
0x10000000000002f in parent

Looking through the code I'm unsure which of the mixed usage "(uint64_t)-1"
and "2**56-1" as marker values is correct. Changing the code to:
diff --git a/libavformat/matroskadec.c b/libavformat/matroskadec.c
index 9b706ab4e0..3015a0b230 100644
--- a/libavformat/matroskadec.c
+++ b/libavformat/matroskadec.c
@@ -1205,7 +1205,7 @@ static int ebml_parse_elem(MatroskaDemuxContext
*matroska,
             MatroskaLevel *level = &matroska->levels[matroska->num_levels
- 1];
             AVIOContext *pb = matroska->ctx->pb;
             int64_t pos = avio_tell(pb);
-            if (level->length != (uint64_t) -1 &&
+            if (level->length != 0xffffffffffffffULL &&
                 (pos + length) > (level->start + level->length)) {
                 av_log(matroska->ctx, AV_LOG_ERROR,
                        "Invalid length 0x%"PRIx64" > 0x%"PRIx64" in
parent\n",

Resolves our issues. Should all other length tests be done the same way?

- dale

On Sun, Feb 17, 2019 at 12:45 AM Michael Niedermayer <michae...@gmx.at>
wrote:

> On Wed, Feb 13, 2019 at 01:41:31PM +0100, Michael Niedermayer wrote:
> > Reported-by: Steve Lhomme
> > This was found through the Hacker One program on VLC but is not a
> security issue in libavformat
> > Signed-off-by: Michael Niedermayer <mich...@niedermayer.cc>
> > ---
> >  libavformat/matroskadec.c | 21 +++++++++++++++++++++
> >  1 file changed, 21 insertions(+)
>
> will apply an equivalent variant from steve
>
> [...]
> --
> Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB
>
> Asymptotically faster algorithms should always be preferred if you have
> asymptotical amounts of data
> _______________________________________________
> ffmpeg-devel mailing list
> ffmpeg-devel@ffmpeg.org
> http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
>
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

Reply via email to