[libbluray-devel] mpls_parse: added sanity checks
hpi1
git at videolan.org
Wed Feb 26 09:09:15 CET 2014
libbluray | branch: master | hpi1 <hpi1 at anonymous.org> | Sun Feb 23 14:06:54 2014 +0200| [047070c1fa9c411a0d508b5b0edf67eea2198f3a] | committer: hpi1
mpls_parse: added sanity checks
> http://git.videolan.org/gitweb.cgi/libbluray.git/?a=commit;h=047070c1fa9c411a0d508b5b0edf67eea2198f3a
---
src/libbluray/bdnav/mpls_parse.c | 35 +++++++++++++++++++++++++++++------
src/util/bits.h | 5 +++++
2 files changed, 34 insertions(+), 6 deletions(-)
diff --git a/src/libbluray/bdnav/mpls_parse.c b/src/libbluray/bdnav/mpls_parse.c
index 2b591fb..dd8ce9f 100644
--- a/src/libbluray/bdnav/mpls_parse.c
+++ b/src/libbluray/bdnav/mpls_parse.c
@@ -100,8 +100,7 @@ _parse_uo(BITSTREAM *bits, BD_UO_MASK *uo)
static int
_parse_appinfo(BITSTREAM *bits, MPLS_AI *ai)
{
- int len;
- off_t pos;
+ off_t pos, len;
if (!bs_is_align(bits, 0x07)) {
fprintf(stderr, "_parse_appinfo: alignment error\n");
@@ -109,6 +108,11 @@ _parse_appinfo(BITSTREAM *bits, MPLS_AI *ai)
pos = bs_pos(bits) >> 3;
len = bs_read(bits, 32);
+ if (bs_avail(bits) < len * 8) {
+ fprintf(stderr, "_parse_appinfo: unexpected end of file\n");
+ return 0;
+ }
+
// Reserved
bs_skip(bits, 8);
ai->playback_type = bs_read(bits, 8);
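Review bot: The new guard `bs_avail(bits) < len * 8` multiplies a file-supplied 32-bit length held in an `off_t`, so on a build where `off_t` is 32 bits the product can overflow (undefined behaviour for a signed type), or `len` can end up negative and pass the check. The same expression is repeated in `_parse_playlistmark` and `_parse_playlist`. Comparing in bytes avoids the multiplication, for example `if (len < 0 || bs_avail(bits) / 8 < len) {`. The check is also only an upper bound: a declared length shorter than the fields read after it still passes, so rejecting a too-small section length would be worth adding. The body of `_parse_appinfo` continues outside this hunk.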
@@ -131,6 +135,11 @@ _parse_appinfo(BITSTREAM *bits, MPLS_AI *ai)
static int
_parse_header(BITSTREAM *bits, MPLS_PL *pl)
{
+ if (bs_avail(bits) < 5 * 32 + 160) {
+ fprintf(stderr, "_parse_header: unexpected end of file\n");
+ return 0;
+ }
+
pl->type_indicator = bs_read(bits, 32);
pl->type_indicator2 = bs_read(bits, 32);
if (pl->type_indicator != MPLS_SIG1 ||
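Review bot: The threshold `5 * 32 + 160` in `_parse_header` is an unexplained magic number, so a reader cannot confirm from the check alone that it matches what the function goes on to read. Only two of the 32-bit reads are visible in this hunk; assuming the rest of the body reads three more 32-bit fields and skips 160 reserved bits, a comment such as `// 5 x 32-bit header fields + 160 reserved bits` above the check, or a named constant, would tie the guard to the layout. The function continues outside the hunk, so the field count should be verified against the full body.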
@@ -641,12 +650,19 @@ _clean_subpath(MPLS_SUB *sp)
static int
_parse_playlistmark(BITSTREAM *bits, MPLS_PL *pl)
{
+ off_t len;
int ii;
MPLS_PLM *plm = NULL;
bs_seek_byte(bits, pl->mark_pos);
- // Skip the length field, I don't use it
- bs_skip(bits, 32);
+ // length field
+ len = bs_read(bits, 32);
+
+ if (bs_avail(bits) < len * 8) {
+ fprintf(stderr, "_parse_playlistmark: unexpected end of file\n");
+ return 0;
+ }
+
// Then get the number of marks
pl->mark_count = bs_read(bits, 16);
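Review bot: `len` is checked against the remaining stream but is not used again in the visible lines, so the `pl->mark_count` read on the next line is not bounded by it. If the code after this hunk sizes an allocation or a read loop from `mark_count`, a file can declare a small `len` with a large count and still be parsed past the end of the section. A cross-check along the lines of `if ((off_t)pl->mark_count * MARK_ENTRY_SIZE > len - 2) return 0;` would close that, where `MARK_ENTRY_SIZE` is a placeholder for the per-entry byte size and 2 is the count field itself. The rest of `_parse_playlistmark` is outside the hunk, so this may already be handled there.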
@@ -666,13 +682,20 @@ _parse_playlistmark(BITSTREAM *bits, MPLS_PL *pl)
static int
_parse_playlist(BITSTREAM *bits, MPLS_PL *pl)
{
+ off_t len;
int ii;
MPLS_PI *pi = NULL;
MPLS_SUB *sub_path = NULL;
bs_seek_byte(bits, pl->list_pos);
- // Skip playlist length
- bs_skip(bits, 32);
+ // playlist length
+ len = bs_read(bits, 32);
+
+ if (bs_avail(bits) < len * 8) {
+ fprintf(stderr, "_parse_playlist: unexpected end of file\n");
+ return 0;
+ }
+
// Skip reserved bytes
bs_skip(bits, 16);
diff --git a/src/util/bits.h b/src/util/bits.h
index 50af804..620fcbd 100644
--- a/src/util/bits.h
+++ b/src/util/bits.h
@@ -86,6 +86,11 @@ static inline int bs_eof( const BITSTREAM *bs )
return file_eof(bs->fp) && bb_eof(&bs->bb);
}
+static inline off_t bs_avail( const BITSTREAM *bs )
+{
+ return bs_end(bs) - bs_pos(bs);
+}
+
static inline void bb_seek_byte( BITBUFFER *bb, off_t off)
{
bb_seek(bb, off << 3, SEEK_SET);
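Review bot: `bs_avail` has no comment stating its unit or what it returns once the position is at or past the end. The callers in mpls_parse.c compare it with `len * 8`, so it is evidently meant to be a bit count. I would add `/* Bits left between the current position and the end of the stream; <= 0 means no data remains. */` above the definition. `bs_end` and `bs_pos` are defined outside this hunk, so confirm that both return bit offsets and not bytes, otherwise the subtraction mixes units.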