[vlc-devel] [PATCH] demux/playlist/qtl: prevent crash during root-node searching

Filip Roséen filip at atch.se
Wed Mar 15 10:07:25 CET 2017


The previous implementation would crash on malformed/unexpected input
due to xml_ReaderNextNode returning a value different than
XML_READER_STARTELEM, meaning that accessing "node" is ill-formed.

fixes: #18123
---
 modules/demux/playlist/qtl.c | 24 +++++++++++++-----------
 1 file changed, 13 insertions(+), 11 deletions(-)

diff --git a/modules/demux/playlist/qtl.c b/modules/demux/playlist/qtl.c
index bf8cd992db..0675159063 100644
--- a/modules/demux/playlist/qtl.c
+++ b/modules/demux/playlist/qtl.c
@@ -70,6 +70,8 @@ typedef enum { LOOP_TRUE,
                LOOP_PALINDROME } qtl_loop_t;
 const char* ppsz_loop[] = { "true", "false", "palindrome" };
 
+#define ROOT_NODE_MAX_DEPTH 2
+
 /*****************************************************************************
  * Local prototypes
  *****************************************************************************/
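Review bot: `ROOT_NODE_MAX_DEPTH` is added without a comment, and its name suggests a nesting depth although the loop in Demux() uses it as the number of start elements it will examine before giving up. A one-line comment above the define would make that explicit, e.g. `/* max. number of start elements inspected while looking for <embed> */`. Nothing in the visible loop tracks nesting, so the second element examined may be a child of the first; if accepting a nested `embed` is intended, this comment is the place to say so.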
@@ -96,7 +98,6 @@ int Import_QTL( vlc_object_t *p_this )
 static int Demux( demux_t *p_demux )
 {
     xml_reader_t *p_xml_reader;
-    const char *node;
     input_item_t *p_input;
     int i_ret = -1;
 
@@ -122,20 +123,21 @@ static int Demux( demux_t *p_demux )
     if( !p_xml_reader )
         goto error;
 
-    /* check root node */
-    if( xml_ReaderNextNode( p_xml_reader, &node ) != XML_READER_STARTELEM
-     || strcmp( node, "embed" ) )
+    for( int i = 0;; ++i ) /* locate root node */
     {
-        msg_Err( p_demux, "invalid root node <%s>", node );
-
-        /* second line has <?quicktime tag ... so we try to skip it */
-        msg_Dbg( p_demux, "trying to read one more node" );
-        if( xml_ReaderNextNode( p_xml_reader, &node ) != XML_READER_STARTELEM
-         || strcmp( node, "embed" ) )
+        const char *node;
+        if( i == ROOT_NODE_MAX_DEPTH ||
+            xml_ReaderNextNode( p_xml_reader, &node ) != XML_READER_STARTELEM )
         {
-            msg_Err( p_demux, "invalid root node <%s>", node );
+            msg_Err( p_demux, "unable to locate root-node" );
             goto error;
         }
+
+        if( strcmp( node, "embed" ) == 0 )
+            break; /* found it */
+
+        msg_Dbg( p_demux, "invalid root node <%s>, trying next (%d / %d)",
+                           node, i + 1, ROOT_NODE_MAX_DEPTH );
     }
 
     const char *attrname, *value;
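Review bot: In the new loop any result other than `XML_READER_STARTELEM` goes straight to `error` on the first iteration, so the `ROOT_NODE_MAX_DEPTH` budget only covers start elements with the wrong name. The removed code made its second attempt after a non-element result as well. Whether the reader can return a text node ahead of the root element is not visible in this hunk, but if it can, files that loaded before would now be rejected. In that case only error or end-of-input should be fatal, and other node types should just use up an iteration, e.g. `int type = xml_ReaderNextNode( p_xml_reader, &node );` followed by `if( type != XML_READER_STARTELEM ) continue;` once `type <= 0` has been sent to `error` (assuming the reader reports failure and end-of-input that way; confirm against the reader API). The body of Demux() continues outside the hunk.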
-- 
2.12.0

