diff options
| author | Lorenzo Desole <lorenzodes@fastwebnet.it> | 2011-10-13 21:50:00 +0200 |
|---|---|---|
| committer | Lorenzo Desole <lorenzodes@fastwebnet.it> | 2011-10-13 21:50:00 +0200 |
| commit | 2926c8f9b3bc53f933d6f367f258f2abe08da413 (patch) | |
| tree | c0e6feee59ceda01eece0cad0f1d66c000890dfb /src | |
| parent | 61087cfdd20dfabcbc1da7fd11f85815f9a667aa (diff) | |
| download | xine-lib-2926c8f9b3bc53f933d6f367f258f2abe08da413.tar.gz xine-lib-2926c8f9b3bc53f933d6f367f258f2abe08da413.tar.bz2 | |
mkv fix: null dereferences, skipping of unknown elements
Diffstat (limited to 'src')
| -rw-r--r-- | src/demuxers/demux_matroska.c | 4 | ||||
| -rw-r--r-- | src/demuxers/ebml.c | 10 |
2 files changed, 7 insertions, 7 deletions
diff --git a/src/demuxers/demux_matroska.c b/src/demuxers/demux_matroska.c index c47cd2657..3d1935587 100644 --- a/src/demuxers/demux_matroska.c +++ b/src/demuxers/demux_matroska.c @@ -3030,7 +3030,7 @@ static demux_plugin_t *open_plugin (demux_class_t *class_gen, xine_stream_t *str if (ebml->max_size_len > 8) goto error; /* handle both Matroska and WebM here; we don't (presently) differentiate */ - if (strcmp(ebml->doctype, "matroska") && strcmp(ebml->doctype, "webm")) + if (!ebml->doctype || (strcmp(ebml->doctype, "matroska") && strcmp(ebml->doctype, "webm"))) goto error; this->event_queue = xine_event_new_queue(this->stream); @@ -3040,7 +3040,7 @@ static demux_plugin_t *open_plugin (demux_class_t *class_gen, xine_stream_t *str error: dispose_ebml_parser(ebml); - if (NULL != this) { + if (this != NULL && this->event_queue != NULL) { xine_event_dispose_queue(this->event_queue); free(this); } diff --git a/src/demuxers/ebml.c b/src/demuxers/ebml.c index 75fbfde75..ce53e6c8a 100644 --- a/src/demuxers/ebml.c +++ b/src/demuxers/ebml.c @@ -211,14 +211,13 @@ int ebml_skip(ebml_parser_t *ebml, ebml_elem_t *elem) { int ebml_read_elem_head(ebml_parser_t *ebml, ebml_elem_t *elem) { - if (!ebml_read_elem_id(ebml, &elem->id)) - return 0; + int ret_id = ebml_read_elem_id(ebml, &elem->id); - if (!ebml_read_elem_len(ebml, &elem->len)) - return 0; + int ret_len = ebml_read_elem_len(ebml, &elem->len); elem->start = ebml->input->get_current_pos(ebml->input); - return 1; + + return (ret_id && ret_len); } @@ -473,6 +472,7 @@ int ebml_check_header(ebml_parser_t *ebml) { default: xprintf(ebml->xine, XINE_VERBOSITY_LOG, "ebml: Unknown data type 0x%x in EBML header (ignored)\n", elem.id); + ebml_skip(ebml, &elem); } next_level = ebml_get_next_level(ebml, &elem); } |