diff options
author | wm4 <wm4@nowhere> | 2014-09-04 19:20:30 +0200 |
---|---|---|
committer | wm4 <wm4@nowhere> | 2014-09-04 19:21:19 +0200 |
commit | c15957b43a715563d405f42ec38c6c0ed1d477f9 (patch) | |
tree | 6cef43ce4e99d086e9136a49e9b09387e0128493 /demux/ebml.c | |
parent | d9aaf78530ec9c3e70d00cec94dc44019f50444f (diff) | |
download | mpv-c15957b43a715563d405f42ec38c6c0ed1d477f9.tar.bz2 mpv-c15957b43a715563d405f42ec38c6c0ed1d477f9.tar.xz |
ebml: warn if there are too many subelements
Seems like a good idea.
Diffstat (limited to 'demux/ebml.c')
-rw-r--r-- | demux/ebml.c | 10 |
1 files changed, 7 insertions, 3 deletions
diff --git a/demux/ebml.c b/demux/ebml.c index fdebc4a8ed..0df683adcd 100644 --- a/demux/ebml.c +++ b/demux/ebml.c @@ -420,12 +420,16 @@ static void ebml_parse_element(struct ebml_parse_ctx *ctx, void *target, if (num_elems[i] && type->fields[i].multiple) { char *ptr = s + type->fields[i].offset; switch (type->fields[i].desc->type) { - case EBML_TYPE_SUBELEMENTS: - num_elems[i] = FFMIN(num_elems[i], - 1000000000 / type->fields[i].desc->size); + case EBML_TYPE_SUBELEMENTS: { + size_t max = 1000000000 / type->fields[i].desc->size; + if (num_elems[i] > max) { + MP_ERR(ctx, "Too many subelements.\n"); + num_elems[i] = max; + } int sz = num_elems[i] * type->fields[i].desc->size; *(generic_struct **) ptr = talloc_zero_size(ctx->talloc_ctx, sz); break; + } case EBML_TYPE_UINT: *(uint64_t **) ptr = talloc_zero_array(ctx->talloc_ctx, uint64_t, num_elems[i]); |