[vlc-commits] contrib:ebml: do not read further than allowed

[Steve Lhomme]

vlc/vlc-3.0 | branch: master | Steve Lhomme <robUx4 at videolabs.io> | Mon Nov 27 09:36:17 2017 +0100| [2b5eef596431eaf7a4fc1938f57fb64122ffd5f0] | committer: Jean-Baptiste Kempf

contrib:ebml: do not read further than allowed

Signed-off-by: Jean-Baptiste Kempf <jb at videolan.org>
(cherry picked from commit c1feca7b23cb70d538ce830a0e7b27196ae67dcd)
Signed-off-by: Jean-Baptiste Kempf <jb at videolan.org>

> http://git.videolan.org/gitweb.cgi/vlc/vlc-3.0.git/?a=commit;h=2b5eef596431eaf7a4fc1938f57fb64122ffd5f0
---

 contrib/src/ebml/ebml-maxread.patch | 29 +++++++++++++++++++++++++++++
 contrib/src/ebml/rules.mak          |  1 +
 2 files changed, 30 insertions(+)

diff --git a/contrib/src/ebml/ebml-maxread.patch b/contrib/src/ebml/ebml-maxread.patch
new file mode 100644
index 0000000000..901e09d860
--- /dev/null
+++ b/contrib/src/ebml/ebml-maxread.patch
@@ -0,0 +1,29 @@
+--- ebml/src/EbmlElement.cpp	2017-11-27 09:12:56.891612600 +0100
++++ ebml/src/EbmlElement.cpp.maxread	2017-11-27 09:29:17.335279000 +0100
+@@ -404,12 +404,14 @@ EbmlElement * EbmlElement::FindNextEleme
+         memmove(&PossibleIdNSize[0],&PossibleIdNSize[1], --ReadIndex);
+       }
+ 
++      if (MaxDataSize <= ReadSize)
++          break;
+       if (DataStream.read(&PossibleIdNSize[ReadIndex++], 1) == 0) {
+         return NULL; // no more data ?
+       }
+       ReadSize++;
+ 
+-    } while (!bFound && MaxDataSize > ReadSize);
++    } while (!bFound);
+ 
+     if (!bFound)
+       // we reached the maximum we could read without a proper ID
+@@ -432,6 +434,10 @@ EbmlElement * EbmlElement::FindNextEleme
+         bFound = false;
+         break;
+       }
++      if (MaxDataSize <= ReadSize) {
++        bFound = false;
++        break;
++      }
+       if( DataStream.read( &PossibleIdNSize[SizeIdx++], 1 ) == 0 ) {
+         return NULL; // no more data ?
+       }
diff --git a/contrib/src/ebml/rules.mak b/contrib/src/ebml/rules.mak
index 4e13fa9a0a..cb5667e8eb 100644
--- a/contrib/src/ebml/rules.mak
+++ b/contrib/src/ebml/rules.mak
@@ -10,6 +10,7 @@ $(TARBALLS)/libebml-$(EBML_VERSION).tar.xz:
 
 ebml: libebml-$(EBML_VERSION).tar.xz .sum-ebml
 	$(UNPACK)
+	$(APPLY) $(SRC)/ebml/ebml-maxread.patch
 	$(MOVE)
 
 # libebml requires exceptions