[vlc-commits] mp4: fix infinite loop on malformed file
Rémi Denis-Courmont
git at videolan.org
Wed Dec 13 21:34:58 CET 2017
vlc | branch: master | Rémi Denis-Courmont <remi at remlab.net> | Wed Dec 13 22:32:06 2017 +0200| [f8c44ffcf7b4ca0cd4f58d7c44b2e1faa3f90ce6] | committer: Rémi Denis-Courmont
mp4: fix infinite loop on malformed file
Unknown or partially read box can be loaded succesfully even if it
overflows the parent. This lead to an integer underflow and infinite
loop until memory exhaustion.
> http://git.videolan.org/gitweb.cgi/vlc.git/?a=commit;h=f8c44ffcf7b4ca0cd4f58d7c44b2e1faa3f90ce6
---
modules/demux/mp4/libmp4.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/modules/demux/mp4/libmp4.c b/modules/demux/mp4/libmp4.c
index 030e609d29..2ff9f558e4 100644
--- a/modules/demux/mp4/libmp4.c
+++ b/modules/demux/mp4/libmp4.c
@@ -1556,6 +1556,10 @@ static int MP4_ReadBox_LtdContainer( stream_t *p_stream, MP4_Box_t *p_box )
break;
MP4_BoxAddChild( p_box, p_childbox );
i_entry++;
+
+ if( i_read < p_childbox->i_size )
+ MP4_READBOX_EXIT( 0 );
+
i_read -= p_childbox->i_size;
}
More information about the vlc-commits
mailing list