Prevent integer underflow in read caching code for seeks to invalid positions

Fix for bug 709.

ChangeLog

@@ -1,3 +1,9 @@
+2012-01-25  Moritz Bunkus  <moritz@bunkus.org>
+
+	* mkvmerge: bug fix: Fixed integer underflows in the read caching
+	code resulting in invalid memory access. Happened in broken or
+	incomplete files only. Fix for bug 709.
+
 2012-01-23  Moritz Bunkus  <moritz@bunkus.org>
 
 	* mkvmerge: bug fix: Appending AVI, Matroska or MPEG program

src/common/mm_read_buffer_io.cpp

@@ -89,7 +89,7 @@ mm_read_buffer_io_c::setFilePointer(int64 offset,
   if (new_pos < 0)
     m_proxy_io->setFilePointer(offset, seek_end);
   else
-    m_proxy_io->setFilePointer(new_pos, seek_beginning);
+    m_proxy_io->setFilePointer(std::min(new_pos, get_size()), seek_beginning);
 
   // Get the actual offset from the underlying stream
   // Better be safe than sorry and use this instead of just taking

tests/results.txt

@@ -176,3 +176,4 @@ T_327vp8_frame_type:69725de2b6569734a3b1f955b4775e74:passed:20111207-233304:0.21
 T_328dts_detected_as_ac3:dfac59530d2d96ab9f41465fdc3931fd:passed:20111229-192324:0.053131334
 T_329X_timecodes_v2:dadc36ce79c1c4b281f8f1f865746598-049cdc2d9226fac8c61d193d803bfc1f-3720aac3f16b66ec3308ffa7bf913c6e-6469e2522a4b48b7b20bae93f5d9086d-1ff091abfcb0938d6ac7fd0495e899b3-049cdc2d9226fac8c61d193d803bfc1f-d172a9340cbf2802690479e396879d1e-bf76c5886cc7c18cc7e6ee796c3406b4-b3f9d126c31505c22f292a1d2bdffba2-4bd97467fac0ac0b561d68b8b15a79dd:passed:20120105-202451:2.051321822
 T_330dts_detection:38c941b579418e6c874950f4c55f84ce:passed:20120107-210130:1.22781858
+T_331read_buffer_underflow:3bdec07b9e45cafe2c35561e7f8ad2db:passed:20120125-232902:0.407400904

tests/test-331read_buffer_underflow.rb

@@ -0,0 +1,13 @@
+#!/usr/bin/ruby -w
+
+class T_331read_buffer_underflow < Test
+  def description
+    "mkvmerge / read buffer integer underflow on incomplete files"
+  end
+
+  def run
+    merge "data/mkv/underflow.mkv"
+    hash_tmp
+  end
+end
+