summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorwm4 <wm4@nowhere>2014-09-04 19:20:30 +0200
committerwm4 <wm4@nowhere>2014-09-04 19:21:19 +0200
commitc15957b43a715563d405f42ec38c6c0ed1d477f9 (patch)
tree6cef43ce4e99d086e9136a49e9b09387e0128493
parentd9aaf78530ec9c3e70d00cec94dc44019f50444f (diff)
downloadmpv-c15957b43a715563d405f42ec38c6c0ed1d477f9.tar.bz2
mpv-c15957b43a715563d405f42ec38c6c0ed1d477f9.tar.xz
ebml: warn if there are too many subelements
Seems like a good idea.
-rw-r--r--demux/ebml.c10
1 files changed, 7 insertions, 3 deletions
diff --git a/demux/ebml.c b/demux/ebml.c
index fdebc4a8ed..0df683adcd 100644
--- a/demux/ebml.c
+++ b/demux/ebml.c
@@ -420,12 +420,16 @@ static void ebml_parse_element(struct ebml_parse_ctx *ctx, void *target,
if (num_elems[i] && type->fields[i].multiple) {
char *ptr = s + type->fields[i].offset;
switch (type->fields[i].desc->type) {
- case EBML_TYPE_SUBELEMENTS:
- num_elems[i] = FFMIN(num_elems[i],
- 1000000000 / type->fields[i].desc->size);
+ case EBML_TYPE_SUBELEMENTS: {
+ size_t max = 1000000000 / type->fields[i].desc->size;
+ if (num_elems[i] > max) {
+ MP_ERR(ctx, "Too many subelements.\n");
+ num_elems[i] = max;
+ }
int sz = num_elems[i] * type->fields[i].desc->size;
*(generic_struct **) ptr = talloc_zero_size(ctx->talloc_ctx, sz);
break;
+ }
case EBML_TYPE_UINT:
*(uint64_t **) ptr = talloc_zero_array(ctx->talloc_ctx,
uint64_t, num_elems[i]);