shithub: mcfs

Info  •  Files  •  Log  •  Branches

correctly treat unknown data size and invalid elements in mcfs itself

--- a/matroska.c

+++ b/matroska.c

@@ -220,6 +220,8 @@

 			werrstr("invalid ebml: %r at %#llx (size %lld)", off, sz);

 			goto err;

 		}

+		if(el.type < 0)

+			continue;

 		if(n == 0) /* eof */

 			break;

 		left -= n;

@@ -231,7 +233,8 @@

 			}

 			isebml++;

 		}else if(el.id == ESegment){

-			left = sz;

+			if(sz > 0)

+				left = sz;

 			if(isebml != 1){

 				werrstr("invalid ebml");

 				goto err;

@@ -439,9 +442,11 @@

 				getstring(ELanguage, e.lang)

 		}

-		if(Bseek(f, sz, 1) < 0)

-			return -1;

-		left -= sz;

+		if(sz > 0){

+			if(Bseek(f, sz, 1) < 0)

+				return -1;

+			left -= sz;

+		}

 	}

 	if(isebml == 2 && left == 0){