[libbluray-devel] sound_parse: check for EOF in object loop.

hpi1 git at videolan.org
Mon Jun 26 15:24:48 CEST 2017


libbluray | branch: master | hpi1 <hpi1 at anonymous.org> | Mon Jun 26 15:28:46 2017 +0300| [326e039b48185126c5e4d5de91befe7c6e272383] | committer: hpi1

sound_parse: check for EOF in object loop.

Fixes very long delay with corrupt input.

> http://git.videolan.org/gitweb.cgi/libbluray.git/?a=commit;h=326e039b48185126c5e4d5de91befe7c6e272383
---

 src/libbluray/bdnav/sound_parse.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/src/libbluray/bdnav/sound_parse.c b/src/libbluray/bdnav/sound_parse.c
index 031774ed..c915b7eb 100644
--- a/src/libbluray/bdnav/sound_parse.c
+++ b/src/libbluray/bdnav/sound_parse.c
@@ -112,6 +112,11 @@ static int _sound_read_samples(BITSTREAM *bs, SOUND_OBJECT *obj)
         return 1;
     }
 
+    if (bs_avail(bs)/16 < num_samples) {
+        BD_DEBUG(DBG_HDMV|DBG_CRIT, "sound.bdmv: unexpected EOF\n");
+        return 0;
+    }
+
     obj->samples = calloc(num_samples, sizeof(uint16_t));
     if (!obj->samples) {
         BD_DEBUG(DBG_CRIT, "out of memory\n");
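Review bot: The literal 16 in `bs_avail(bs)/16 < num_samples` is undocumented and is only implicitly tied to the `sizeof(uint16_t)` used in the `calloc` just below. A one-line comment stating that each sample consumes 16 bits of the stream (or writing the divisor in terms of the sample type) would keep the two in sync if the sample width ever changes. The placement before `calloc` is good, since it also bounds the allocation by the data actually present, and that is worth mentioning in the comment too. The declared types of `num_samples` and of the `bs_avail()` result are not visible in this hunk; please confirm the comparison does not mix signed and unsigned operands. Minor: the new message uses `DBG_HDMV|DBG_CRIT` while the out-of-memory message below uses `DBG_CRIT` alone; consider using the same mask for both error paths in this function.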


