On Sat, Dec 06, 2014 at 04:53:30PM +0100, wm4 wrote:
> When matroska_execute_seekhead() is called, it goes through the list of
> seekhead entries and attempts to read elements not read yet. When doing
> this, the parser can find further SeekHead elements, and will extend the
> matroska->seekhead list. This can lead to a (practically) infinite loop
> with certain broken files. (Maybe it can happen even with valid files.
> The demuxer doesn't seem to check correctly whether an element has
> already been read.)
>
> Fix this by ignoring elements that were added to the seekhead field
> during executing seekhead entries.
>
> This does not fix the possible situation when multiple SeekHead elements
> after the file header (i.e. occur after the "before_pos" file position)
> point to the same elements. These elements will probably be parsed
> multiple times, likely leading to bugs.
>
> Fixes ticket #4162.
> ---
> I hope my analysis of the problem is correct.

applied
I also added a request for samples for this case (couldn't find any except
that fuzzed file)

thanks

[...]
-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

The educated differ from the uneducated as much as the living from the
dead. -- Aristotle
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
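
A simplified model of the loop described in the commit message above, added here as an illustration; it is not FFmpeg code and not the applied patch. `SeekList`, `parse_entry`, `run_model` and `MAX_ENTRIES` are hypothetical names, and the cap stands in for the "practically infinite" growth so that the model terminates.

```c
#include <stdio.h>

#define MAX_ENTRIES 64 /* model-only cap so the unbounded variant terminates */

typedef struct {
    int parsed;
    int points_to_seekhead; /* parsing this entry reveals another SeekHead */
} SeekEntry;

typedef struct {
    SeekEntry e[MAX_ENTRIES];
    int nb;
} SeekList;

static void add_entry(SeekList *l, int points_to_seekhead)
{
    if (l->nb < MAX_ENTRIES)
        l->e[l->nb++] = (SeekEntry){ 0, points_to_seekhead };
}

/* Constructed "broken file": each nested SeekHead lists yet another one. */
static void parse_entry(SeekList *l, int i)
{
    l->e[i].parsed = 1;
    if (l->e[i].points_to_seekhead)
        add_entry(l, 1);
}

/* snapshot == 0: the loop bound follows the growing list.
 * snapshot == 1: only entries present before the loop started are run. */
static int execute_seekhead(SeekList *l, int snapshot)
{
    int initial = l->nb, parsed = 0;
    for (int i = 0; i < (snapshot ? initial : l->nb); i++, parsed++)
        parse_entry(l, i);
    return parsed;
}

int run_model(int snapshot)
{
    SeekList l = { .nb = 0 };
    add_entry(&l, 0); /* ordinary element */
    add_entry(&l, 1); /* element that leads to a further SeekHead */
    return execute_seekhead(&l, snapshot);
}

int main(void)
{
    printf("growing bound: %d entries parsed\n", run_model(0));
    printf("snapshot bound: %d entries parsed\n", run_model(1));
    return 0;
}
```

With the growing bound the model keeps parsing until the cap is hit; with the snapshot bound it stops after the two entries that existed when the loop began, and the entry appended during the loop is left unexecuted.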