diff options
author | wm4 <wm4@nowhere> | 2018-09-08 16:16:20 +0200 |
---|---|---|
committer | sfan5 <sfan5@live.de> | 2018-10-01 10:41:01 +0200 |
commit | 7e85dc2167b7524308159915d5c1d3341464977f (patch) | |
tree | 6bd8b4290bac01ca968349c136ac486bcc1a65ad | |
parent | a6fb94cf07b8664fecb100489368e0f35d56f946 (diff) | |
download | mpv-7e85dc2167b7524308159915d5c1d3341464977f.tar.bz2 mpv-7e85dc2167b7524308159915d5c1d3341464977f.tar.xz |
stream_libarchive: fix hangs when demuxer does out of bound seeks
This happened with a .flac file inside an archive. It tried to seek
beyond the end of the archive entry in a format where seeking isn't
supported. stream_libarchive handles these situations by skipping data.
But when the end of the archive is reached, archive_read_data() returns
0. While libarchive didn't bother to fucking document this, they do say
it's supposed to work like read(), so I guess a return value of 0 really
means EOF. So change the "< 0" to "<= 0". Also add some error logging.
The same file actually worked without out of bounds reads when
extracted, so there still might be something very wrong.
-rw-r--r-- | stream/stream_libarchive.c | 11 |
1 files changed, 9 insertions, 2 deletions
diff --git a/stream/stream_libarchive.c b/stream/stream_libarchive.c index bb25c6ad84..119af8eea4 100644 --- a/stream/stream_libarchive.c +++ b/stream/stream_libarchive.c @@ -432,8 +432,15 @@ static int archive_entry_seek(stream_t *s, int64_t newpos) int size = MPMIN(newpos - s->pos, sizeof(buffer)); locale_t oldlocale = uselocale(p->mpa->locale); int r = archive_read_data(p->mpa->arch, buffer, size); - if (r < 0) { - MP_ERR(s, "%s\n", archive_error_string(p->mpa->arch)); + if (r <= 0) { + if (r == 0 && newpos > p->entry_size) { + MP_ERR(s, "demuxer trying to seek beyond end of archive " + "entry\n"); + } else if (r == 0) { + MP_ERR(s, "end of archive entry reached while seeking\n"); + } else { + MP_ERR(s, "%s\n", archive_error_string(p->mpa->arch)); + } uselocale(oldlocale); if (mp_archive_check_fatal(p->mpa, r)) { mp_archive_free(p->mpa); |