Brion VIBBER has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/316000

Change subject: Add check to File_Ogg for cut-off page headers
......................................................................

Add check to File_Ogg for cut-off page headers

Should prevent logspam warning about unpack() failing on short input.

If a file was cut off in the middle of an Ogg page header, it might
try to parse the header and didn't have error checking inside. Now
checks that the header is the expected length, and reports back as
a parse failure which should throw an OggException which will either
get caught sanely or throw a backtrace that's more findable in logs.

Bug: T144483
Change-Id: I96c47a8b2fe9f27868a28d9ed9e0450b662c35c2
---
M handlers/OggHandler/File_Ogg/File/Ogg.php
1 file changed, 9 insertions(+), 0 deletions(-)


  git pull 
ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/TimedMediaHandler 
refs/changes/00/316000/1

diff --git a/handlers/OggHandler/File_Ogg/File/Ogg.php 
b/handlers/OggHandler/File_Ogg/File/Ogg.php
index ca281e2..a5d358f 100644
--- a/handlers/OggHandler/File_Ogg/File/Ogg.php
+++ b/handlers/OggHandler/File_Ogg/File/Ogg.php
@@ -357,6 +357,10 @@
      */
     function _decodePageHeader($pageData, $pageOffset, $groupId)
     {
+        // Don't blindly substr() and unpack() if data is cut off
+        if (strlen($pageData) < 27)
+            return (false);
+
         // Extract the various bits and pieces found in each packet header.
         if (substr($pageData, 0, 4) != OGG_CAPTURE_PATTERN)
             return (false);
@@ -379,6 +383,11 @@
         $page_sequence   = unpack("Vdata", substr($pageData, 18, 4));
         $checksum        = unpack("Vdata", substr($pageData, 22, 4));
         $page_segments   = unpack("Cdata", substr($pageData, 26, 1));
+
+        // Header is extended with segment lengths; make sure we have data.
+        if (strlen($pageData) < 27 + $page_segments['data'])
+            return (false);
+
         $segments_total  = 0;
         for ($i = 0; $i < $page_segments['data']; ++$i) {
             $segment_length = unpack("Cdata", substr($pageData, 26 + ($i + 1), 
1));

-- 
To view, visit https://gerrit.wikimedia.org/r/316000
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I96c47a8b2fe9f27868a28d9ed9e0450b662c35c2
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/extensions/TimedMediaHandler
Gerrit-Branch: master
Gerrit-Owner: Brion VIBBER <br...@wikimedia.org>

_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

Reply via email to