From f658ca7c8c9089a21d87d061a9aef5f65a42778a Mon Sep 17 00:00:00 2001 From: Moritz Bunkus Date: Mon, 30 Dec 2013 23:29:45 +0100 Subject: [PATCH] AC3 parsing: consider frame size 0 an error during header decoding --- ChangeLog | 6 ++++++ src/common/ac3.cpp | 5 ++++- 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 3a6ee34e8..a83af76ee 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,9 @@ +2013-12-30 Moritz Bunkus + + * mkvmerge: bug fix: Improved the AC3 header decoding error + handling so that the AC3 parsing routines won't get stuck in + endless loops when encountering certain garbage data patterns. + 2013-12-29 Moritz Bunkus * mkvmerge: enhancement: unified codec names output by mkvmerge's diff --git a/src/common/ac3.cpp b/src/common/ac3.cpp index caf114b64..e4b737069 100644 --- a/src/common/ac3.cpp +++ b/src/common/ac3.cpp @@ -94,6 +94,9 @@ ac3::frame_c::decode_header_type_eac3(bit_reader_c &bc) { m_sub_stream_id = bc.get_bits(3); m_bytes = (bc.get_bits(11) + 1) << 1; + if (!m_bytes) + return false; + uint8_t fscod = bc.get_bits(2); uint8_t fscod2 = bc.get_bits(2); @@ -185,7 +188,7 @@ ac3::frame_c::decode_header_type_ac3(bit_reader_c &bc) { m_samples = 1536; m_frame_type = EAC3_FRAME_TYPE_INDEPENDENT; - return true; + return m_bytes != 0; } int