[libbluray-devel] clpi_parse: check for EOF when parsing EP map

[hpi1]

libbluray | branch: master | hpi1 <hpi1 at anonymous.org> | Mon Jun 26 15:54:39 2017 +0300| [ca10136cb6207a0b74227eb060756cce68a4af2e] | committer: hpi1

clpi_parse: check for EOF when parsing EP map

Fixes very long delay with corrupt input.

> http://git.videolan.org/gitweb.cgi/libbluray.git/?a=commit;h=ca10136cb6207a0b74227eb060756cce68a4af2e
---

 src/libbluray/bdnav/clpi_parse.c | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/src/libbluray/bdnav/clpi_parse.c b/src/libbluray/bdnav/clpi_parse.c
index 839e10c3..4c094268 100644
--- a/src/libbluray/bdnav/clpi_parse.c
+++ b/src/libbluray/bdnav/clpi_parse.c
@@ -335,6 +335,11 @@ _parse_ep_map_stream(BITSTREAM *bits, CLPI_EP_MAP_ENTRY *ee)
     }
     fine_start = bs_read(bits, 32);
 
+    if (bs_avail(bits)/(8*8) < ee->num_ep_coarse) {
+        BD_DEBUG(DBG_HDMV|DBG_CRIT, "clpi_parse: unexpected EOF (EP coarse)\n");
+        return 0;
+    }
+
     coarse = malloc(ee->num_ep_coarse * sizeof(CLPI_EP_COARSE));
     ee->coarse = coarse;
     if (ee->num_ep_coarse && !coarse) {
@@ -351,6 +356,11 @@ _parse_ep_map_stream(BITSTREAM *bits, CLPI_EP_MAP_ENTRY *ee)
         return 0;
     }
 
+    if (bs_avail(bits)/(8*4) < ee->num_ep_fine) {
+        BD_DEBUG(DBG_HDMV|DBG_CRIT, "clpi_parse: unexpected EOF (EP fine)\n");
+        return 0;
+    }
+
     fine = malloc(ee->num_ep_fine * sizeof(CLPI_EP_FINE));
     ee->fine = fine;
     if (ee->num_ep_fine && !fine) {