commit a1736157be2052fbeb82863cedd6341c7adc2f26
author matthewjheaney <matthewjheaney@google.com> Thu Feb 10 14:41:54 2011 -0500
committer matthewjheaney <matthewjheaney@google.com> Thu Feb 10 14:41:54 2011 -0500
tree 73dab7b3a62ba015a81977a2139a457c8b004e44
parent 2c835bcc289ba5a312ede5b357e56a1b972351f1

libwebm: handle unknown cluster size in Segment::Load too

Change-Id: I7ed5feb7fe29cd413c8de35274138605725c5b38

mkvparser.cpp

diff --git a/mkvparser.cpp b/mkvparser.cpp
index f7e0b0b..99eaaeb 100644
--- a/mkvparser.cpp
+++ b/mkvparser.cpp
@@ -1769,17 +1769,33 @@
     assert(m_clusters == NULL);

     assert(m_clusterSize == 0);

     assert(m_clusterCount == 0);

-    assert(m_size >= 0);  //TODO: we now allow size < 0

+    //assert(m_size >= 0);

 

     //Outermost (level 0) segment object has been constructed,

     //and pos designates start of payload.  We need to find the

     //inner (level 1) elements.

 

-    const long long stop = m_start + m_size;

+    long long total, avail;

 

-    while (m_pos < stop)

+    const long status = m_pReader->Length(&total, &avail);

+

+    if (status < 0)  //error

+        return status;

+

+    assert((total < 0) || (avail <= total));

+

+    const long long segment_stop = (m_size < 0) ? -1 : m_start + m_size;

+

+    for (;;)

     {

         long long pos = m_pos;

+

+        if ((total >= 0) && (pos >= total))

+            break;

+

+        if ((segment_stop >= 0) && (pos >= segment_stop))

+            break;

+

         const long long element_start = pos;

 

         long len;

@@ -1789,7 +1805,7 @@
         if (result < 0)  //error

             return static_cast<long>(result);

 

-        if ((pos + len) > stop)

+        if ((segment_stop >= 0) && ((pos + len) > segment_stop))

             return E_FILE_FORMAT_INVALID;

 

         const long long idpos = pos;

@@ -1806,7 +1822,7 @@
         if (result < 0)  //error

             return static_cast<long>(result);

 

-        if ((pos + len) > stop)

+        if ((segment_stop >= 0) && ((pos + len) > segment_stop))

             return E_FILE_FORMAT_INVALID;

 

         const long long size = ReadUInt(m_pReader, pos, len);

@@ -1814,13 +1830,18 @@
         if (size < 0)  //error

             return static_cast<long>(size);

 

+        const long long unknown_size = (1LL << (7 * len)) - 1;

+

+        if (size == unknown_size)

+            return E_FILE_FORMAT_INVALID;

+

         pos += len;  //consume length of size of element

 

         const long long element_size = size + pos - element_start;

 

         //Pos now points to start of payload

 

-        if ((pos + size) > stop)

+        if ((segment_stop >= 0) && ((pos + size) > segment_stop))

             return E_FILE_FORMAT_INVALID;

 

         if (id == 0x0F43B675)  //Cluster ID

@@ -1876,8 +1897,6 @@
         m_pos = pos + size;  //consume payload

     }

 

-    assert(m_pos >= stop);

-

     if (m_pInfo == NULL)

         return E_FILE_FORMAT_INVALID;  //TODO: ignore this case?

 

@@ -5494,6 +5513,10 @@
         const long long size = ReadUInt(pReader, pos, len);

         assert(size > 0);

 

+        const long long unknown_size = (1LL << (7 * len)) - 1;

+        unknown_size;

+        assert(size != unknown_size);

+

         pos += len;  //consume size

 

         //pos now points to start of payload