[FFmpeg-devel] [PATCH] avformat/matroskadec: fix handling of recursive SeekHead elements
Michael Niedermayer
michaelni at gmx.at
Sun Dec 7 22:55:22 CET 2014
On Sat, Dec 06, 2014 at 04:53:30PM +0100, wm4 wrote:
> When matroska_execute_seekhead() is called, it goes through the list of
> seekhead entries and attempts to read elements not read yet. When doing
> this, the parser can find further SeekHead elements, and will extend the
> matroska->seekhead list. This can lead to a (practically) infinite loop
> with certain broken files. (Maybe it can happen even with valid files.
> The demuxer doesn't seem to check correctly whether an element has
> already been read.)
>
> Fix this by ignoring elements that were added to the seekhead field
> during executing seekhead entries.
>
> This does not fix the possible situation when multiple SeekHead elements
> after the file header (i.e. occur after the "before_pos" file position)
> point to the same elements. These elements will probably be parsed
> multiple times, likely leading to bugs.
>
> Fixes ticket #4162.
> ---
> I hope my analysis of the problem is correct.
applied
i also added a request for samples for this case (couldnt find any
except that fuzzed file)
thanks
[...]
--
Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB
The educated differ from the uneducated as much as the living from the
dead. -- Aristotle
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 181 bytes
Desc: Digital signature
URL: <https://ffmpeg.org/pipermail/ffmpeg-devel/attachments/20141207/6e518f2a/attachment.asc>
More information about the ffmpeg-devel
mailing list