• Andreas Rheinhardt's avatar
    avformat/matroskadec: Sanitize SeekHead entries · 7c243eec
    Andreas Rheinhardt authored
    A Seek element in a Matroska SeekHead should contain a SeekID and a
    SeekPosition element and upon reading, they should be sanitized:
    
    Given that IDs are restricted to 32 bit, longer SeekIDs should be treated
    as invalid. Instead currently the lower 32 bits have been used.
    
    For SeekPosition, no checks were performed for the element to be
    present and if present, whether it was excessively large (i.e. the
    absolute file position described by it exceeding INT64_MAX). The
    SeekPosition element had a default value of -1 which means that a check
    seems to have been intended; but it was not implemented. This commit adds
    a check for overflow to the calculation of the absolute file position of
    the referenced level 1 elements.
    Using -1 (i.e. UINT64_MAX) as default value for SeekPosition implies that
    a Seek element without SeekPosition will run afoul of this check.
    Signed-off-by: 's avatarAndreas Rheinhardt <andreas.rheinhardt@gmail.com>
    7c243eec
matroskadec.c 159 KB