[libbluray-devel] mobj_parse: check for EOF in object loop.
hpi1
git at videolan.org
Mon Jun 26 15:24:23 CEST 2017
libbluray | branch: master | hpi1 <hpi1 at anonymous.org> | Mon Jun 26 14:28:15 2017 +0300| [5e7da00e5040bdcbd8aa71f005d0d688b6cbe647] | committer: hpi1
mobj_parse: check for EOF in object loop.
Fixes very long delay with corrupt input (huge mobj count).
> http://git.videolan.org/gitweb.cgi/libbluray.git/?a=commit;h=5e7da00e5040bdcbd8aa71f005d0d688b6cbe647
---
src/libbluray/hdmv/mobj_parse.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/src/libbluray/hdmv/mobj_parse.c b/src/libbluray/hdmv/mobj_parse.c
index cb5abd7d..e407364b 100644
--- a/src/libbluray/hdmv/mobj_parse.c
+++ b/src/libbluray/hdmv/mobj_parse.c
@@ -110,6 +110,10 @@ static int _mobj_parse_object(BITSTREAM *bs, MOBJ_OBJECT *obj)
for (i = 0; i < obj->num_cmds; i++) {
uint8_t buf[12];
+ if (bs_avail(bs) < 12*8) {
+ BD_DEBUG(DBG_HDMV|DBG_CRIT, "MovieObject.bdmv: unexpected EOF\n");
+ return 0;
+ }
bs_read_bytes(bs, buf, 12);
mobj_parse_cmd(buf, &obj->cmds[i]);
}
More information about the libbluray-devel
mailing list