[vlc-commits] mp4: fix infinite loop on malformed file
Rémi Denis-Courmont
git at videolan.org
Wed Dec 13 21:35:20 CET 2017
vlc/vlc-3.0 | branch: master | Rémi Denis-Courmont <remi at remlab.net> | Wed Dec 13 22:32:06 2017 +0200| [fe1716333c4ae850fc9f171646e444e2e22f84da] | committer: Rémi Denis-Courmont
mp4: fix infinite loop on malformed file
Unknown or partially read box can be loaded succesfully even if it
overflows the parent. This lead to an integer underflow and infinite
loop until memory exhaustion.
(cherry picked from commit f8c44ffcf7b4ca0cd4f58d7c44b2e1faa3f90ce6)
> http://git.videolan.org/gitweb.cgi/vlc/vlc-3.0.git/?a=commit;h=fe1716333c4ae850fc9f171646e444e2e22f84da
---
modules/demux/mp4/libmp4.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/modules/demux/mp4/libmp4.c b/modules/demux/mp4/libmp4.c
index 3082a1048f..5c62e6a852 100644
--- a/modules/demux/mp4/libmp4.c
+++ b/modules/demux/mp4/libmp4.c
@@ -1524,6 +1524,10 @@ static int MP4_ReadBox_LtdContainer( stream_t *p_stream, MP4_Box_t *p_box )
break;
MP4_BoxAddChild( p_box, p_childbox );
i_entry++;
+
+ if( i_read < p_childbox->i_size )
+ MP4_READBOX_EXIT( 0 );
+
i_read -= p_childbox->i_size;
}
More information about the vlc-commits
mailing list