jenkins-bot has submitted this change and it was merged.

Change subject: Add check to File_Ogg for cut-off page headers
......................................................................


Add check to File_Ogg for cut-off page headers

Should prevent logspam warning about unpack() failing on short input.

If a file was cut off in the middle of an Ogg page header, it might
try to parse the header and didn't have error checking inside. Now
checks that the header is the expected length, and reports back as
a parse failure which should throw an OggException which will either
get caught sanely or throw a backtrace that's more findable in logs.

Bug: T144483
Change-Id: I96c47a8b2fe9f27868a28d9ed9e0450b662c35c2
---
M handlers/OggHandler/File_Ogg/File/Ogg.php
1 file changed, 9 insertions(+), 0 deletions(-)

Approvals:
  Paladox: Looks good to me, but someone else must approve
  Brion VIBBER: Looks good to me, approved
  jenkins-bot: Verified



diff --git a/handlers/OggHandler/File_Ogg/File/Ogg.php 
b/handlers/OggHandler/File_Ogg/File/Ogg.php
index ca281e2..a5d358f 100644
--- a/handlers/OggHandler/File_Ogg/File/Ogg.php
+++ b/handlers/OggHandler/File_Ogg/File/Ogg.php
@@ -357,6 +357,10 @@
      */
     function _decodePageHeader($pageData, $pageOffset, $groupId)
     {
+        // Don't blindly substr() and unpack() if data is cut off
+        if (strlen($pageData) < 27)
+            return (false);
+
         // Extract the various bits and pieces found in each packet header.
         if (substr($pageData, 0, 4) != OGG_CAPTURE_PATTERN)
             return (false);
@@ -379,6 +383,11 @@
         $page_sequence   = unpack("Vdata", substr($pageData, 18, 4));
         $checksum        = unpack("Vdata", substr($pageData, 22, 4));
         $page_segments   = unpack("Cdata", substr($pageData, 26, 1));
+
+        // Header is extended with segment lengths; make sure we have data.
+        if (strlen($pageData) < 27 + $page_segments['data'])
+            return (false);
+
         $segments_total  = 0;
         for ($i = 0; $i < $page_segments['data']; ++$i) {
             $segment_length = unpack("Cdata", substr($pageData, 26 + ($i + 1), 
1));

-- 
To view, visit https://gerrit.wikimedia.org/r/316000
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: I96c47a8b2fe9f27868a28d9ed9e0450b662c35c2
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/extensions/TimedMediaHandler
Gerrit-Branch: master
Gerrit-Owner: Brion VIBBER <br...@wikimedia.org>
Gerrit-Reviewer: Brion VIBBER <br...@wikimedia.org>
Gerrit-Reviewer: Paladox <thomasmulhall...@yahoo.com>
Gerrit-Reviewer: TheDJ <hartman.w...@gmail.com>
Gerrit-Reviewer: jenkins-bot <>

_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

Reply via email to