matroskadec: Fix overflow introduced in a569a7b3

This commit fixes an overflow introduced in a569a7b3 that affected EBML elements that the Matroska demuxer doesn't want to parse like CRC-32 elements. The return value of avio_skip (the new position on success or an AVERROR on failure) has been assigned to an integer which meant that new positions in the range of 2GB to 4GB-1 etc. were considered errors. Fixes ticket #8001. Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com> Signed-off-by: James Almer <jamrial@gmail.com>
2024-09-20 05:16:38 +00:00 · 2019-07-06 18:59:22 +02:00 · 2019-07-06 18:59:22 +02:00 · eb33be188d
commit eb33be188d
parent b9a6106842
1 changed files with 4 additions and 2 deletions
--- a/libavformat/matroskadec.c
+++ b/libavformat/matroskadec.c
@ -1259,12 +1259,13 @@ static int ebml_parse_elem(MatroskaDemuxContext *matroska,
        return 1;
    default:
        if (length) {
+            int64_t res2;
            if (ffio_limit(pb, length) != length) {
                // ffio_limit emits its own error message,
                // so we don't have to.
                return AVERROR(EIO);
            }
-            if ((res = avio_skip(pb, length - 1)) >= 0) {
+            if ((res2 = avio_skip(pb, length - 1)) >= 0) {
                // avio_skip might take us past EOF. We check for this
                // by skipping only length - 1 bytes, reading a byte and
                // checking the error flags. This is done in order to check
@ -1272,7 +1273,8 @@ static int ebml_parse_elem(MatroskaDemuxContext *matroska,
                // no filesize (that ffio_limit relies on) is available.
                avio_r8(pb);
                res = NEEDS_CHECKING;
-            }
+            } else
+                res = res2;
        } else
            res = 0;
    }