mirror of
https://gitlab.com/mbunkus/mkvtoolnix.git
synced 2024-12-24 11:54:01 +00:00
DTS reader: fixed handling of odd-length buffers in byte-swapped DTS situations
Found by fuzzying.
This commit is contained in:
parent
f4c1e36d91
commit
6f3c8510f0
3
NEWS.md
3
NEWS.md
@ -31,6 +31,9 @@
|
||||
libEBML later. Found by fuzzying.
|
||||
* mkvmerge: track statistics: fixed a "division by zero" error when the
|
||||
content's shorter than 1ms. Found by fuzzying.
|
||||
* mkvmerge: DTS reader: fixed handling of buffers with an odd length when
|
||||
byte-swapped DTS is detected so that mkvmerge doesn't abort with a failed
|
||||
assertion. Found by fuzzying.
|
||||
|
||||
|
||||
# Version 50.0.0 "Awakenings" 2020-09-06
|
||||
|
@ -28,7 +28,7 @@
|
||||
bool
|
||||
dts_reader_c::probe_file() {
|
||||
m_chunks = scan_chunks(*m_in);
|
||||
m_current_chunk = std::find_if(m_chunks.begin(), m_chunks.end(), [](chunk_t const &chunk) { return chunk.type == chunk_type_e::strmdata; });
|
||||
m_current_chunk = std::find_if(m_chunks.begin(), m_chunks.end(), [](chunk_t const &chunk) { return (chunk.data_size > 1) && (chunk.type == chunk_type_e::strmdata); });
|
||||
|
||||
if (m_current_chunk == m_chunks.end())
|
||||
return false;
|
||||
@ -72,7 +72,10 @@ dts_reader_c::read_headers() {
|
||||
|
||||
mtx::dts::detect(m_buf[m_cur_buf], m_af_buf[0]->get_size(), m_dts14_to_16, m_swap_bytes);
|
||||
|
||||
mxdebug_if(m_debug, fmt::format("DTS: 14->16 {0} swap {1}\n", m_dts14_to_16, m_swap_bytes));
|
||||
mxdebug_if(m_debug, fmt::format("DTS: 14->16 {0} swap {1} buf size {2}\n", m_dts14_to_16, m_swap_bytes, m_af_buf[0]->get_size()));
|
||||
|
||||
if (m_swap_bytes && (m_af_buf[0]->get_size() % 2))
|
||||
m_af_buf[0]->set_size(m_af_buf[0]->get_size() - 1);
|
||||
|
||||
decode_buffer(m_af_buf[0]->get_size());
|
||||
int pos = mtx::dts::find_header(reinterpret_cast<const unsigned char *>(m_buf[m_cur_buf]), m_af_buf[0]->get_size(), m_dtsheader);
|
||||
@ -122,6 +125,8 @@ dts_reader_c::read(generic_packetizer_c *,
|
||||
return flush_packetizers();
|
||||
|
||||
auto bytes_to_read = std::min<int64_t>(m_current_chunk->data_end - std::min(m_in->getFilePointer(), m_current_chunk->data_end), m_af_buf[0]->get_size());
|
||||
if (m_swap_bytes)
|
||||
bytes_to_read &= ~0x1;
|
||||
if (m_dts14_to_16)
|
||||
bytes_to_read &= ~0xf;
|
||||
|
||||
@ -142,7 +147,9 @@ dts_reader_c::read(generic_packetizer_c *,
|
||||
|
||||
++m_current_chunk;
|
||||
|
||||
while ((m_current_chunk != chunks_end) && (m_current_chunk->type != chunk_type_e::strmdata))
|
||||
while ( (m_current_chunk != chunks_end)
|
||||
&& ( (m_current_chunk->data_size < 2)
|
||||
|| (m_current_chunk->type != chunk_type_e::strmdata)))
|
||||
++m_current_chunk;
|
||||
|
||||
if (m_current_chunk == chunks_end)
|
||||
|
@ -555,4 +555,4 @@ T_706bcp47_mkvmerge_tracks_disable_language_ietf:d3debb1ac7a98668c4cac753891185b
|
||||
T_707bcp47_mkvmerge_chapters_disable_language_ietf:2a2202254f1e426484151e9299f83841-ok-b6807e13a6ea9a2cc609e86b3e9af87d-ok-b6807e13a6ea9a2cc609e86b3e9af87d-ok-b34723deaedf0499e3867766749863b2-ok-b34723deaedf0499e3867766749863b2-ok-b34723deaedf0499e3867766749863b2-ok-ff2908a5f9aedaca69790c4ec909a829-ok-fcf93dcc200afe462b71d16d7c9fef90-ok-fcf93dcc200afe462b71d16d7c9fef90-ok:passed:20200829-101752:0.197644079
|
||||
T_708bcp47_propedit_language_ietf_disable_language_ietf:d80d696e8045ebf157d31db09142307c-und+und+ok+ger+und+ok+ger+pt_BR+ok+spa+pt_BR+ok+eng+pt_BR+ok+eng++ok:passed:20200829-103838:0.0
|
||||
T_709bcp47_mkvmerge_tags:9208217d36fa9368be5a44b239286424:passed:20200903-234135:0.0
|
||||
T_710fuzzying:8a854a7b177603c5291752d2f9520fa0-e805674b364be8464e5e5a40e4fbd0bf-9e16062a69f4f0f3194d4df7ffc6fe4e-1b04d1875e32404c86dbef16ddb75db0-d1eae321da2a9b9ecedb17f3c2a61a5a-8511491b33e36ad1a9edd5973af0bcc5:passed:20200921-133156:0.052004005
|
||||
T_710fuzzying:8a854a7b177603c5291752d2f9520fa0-e805674b364be8464e5e5a40e4fbd0bf-9e16062a69f4f0f3194d4df7ffc6fe4e-cc7dd2e0814bf64c863f9dc279a62932-1b04d1875e32404c86dbef16ddb75db0-d1eae321da2a9b9ecedb17f3c2a61a5a-8511491b33e36ad1a9edd5973af0bcc5:passed:20200921-133156:0.059249045
|
||||
|
Loading…
Reference in New Issue
Block a user