Skip to content

Commit 92476e5

Browse files
rillianrillian
authored
Merge pull request #83 from alfredoyang/check_size_readbuf
Limit read_buf size to BUF_SIZE_LIMIT in case of overflow problem
2 parents 1a15509 + fcbef90 commit 92476e5

File tree

2 files changed

+6
-9
lines changed

2 files changed

+6
-9
lines changed

mp4parse/src/lib.rs

+4-7
Original file line numberDiff line numberDiff line change
@@ -26,7 +26,7 @@ use boxes::{BoxType, FourCC};
2626
mod tests;
2727

2828
// Arbitrary buffer size limit used for raw read_bufs on a box.
29-
const BUF_SIZE_LIMIT: u64 = 1024 * 1024;
29+
const BUF_SIZE_LIMIT: usize = 1024 * 1024;
3030

3131
static DEBUG_MODE: std::sync::atomic::AtomicBool = std::sync::atomic::ATOMIC_BOOL_INIT;
3232

@@ -1510,9 +1510,6 @@ fn read_esds<T: Read>(src: &mut BMFFBox<T>) -> Result<ES_Descriptor> {
15101510
let (_, _) = read_fullbox_extra(src)?;
15111511

15121512
let esds_size = src.head.size - src.head.offset - 4;
1513-
if esds_size > BUF_SIZE_LIMIT {
1514-
return Err(Error::InvalidData("esds box exceeds BUF_SIZE_LIMIT"));
1515-
}
15161513
let esds_array = read_buf(src, esds_size as usize)?;
15171514

15181515
let mut es_data = ES_Descriptor::default();
@@ -1700,9 +1697,6 @@ fn read_video_sample_entry<T: Read>(src: &mut BMFFBox<T>) -> Result<(CodecType,
17001697
return Err(Error::InvalidData("malformed video sample entry"));
17011698
}
17021699
let avcc_size = b.head.size - b.head.offset;
1703-
if avcc_size > BUF_SIZE_LIMIT {
1704-
return Err(Error::InvalidData("avcC box exceeds BUF_SIZE_LIMIT"));
1705-
}
17061700
let avcc = read_buf(&mut b.content, avcc_size as usize)?;
17071701
log!("{:?} (avcc)", avcc);
17081702
// TODO(kinetik): Parse avcC box? For now we just stash the data.
@@ -1993,6 +1987,9 @@ fn skip<T: Read>(src: &mut T, mut bytes: usize) -> Result<()> {
19931987

19941988
/// Read size bytes into a Vector or return error.
19951989
fn read_buf<T: ReadBytesExt>(src: &mut T, size: usize) -> Result<Vec<u8>> {
1990+
if size > BUF_SIZE_LIMIT {
1991+
return Err(Error::InvalidData("read_buf size exceeds BUF_SIZE_LIMIT"));
1992+
}
19961993
let mut buf = vec![0; size];
19971994
let r = src.read(&mut buf)?;
19981995
if r != size {

mp4parse/src/tests.rs

+2-2
Original file line numberDiff line numberDiff line change
@@ -641,7 +641,7 @@ fn avcc_limit() {
641641
let mut iter = super::BoxIter::new(&mut stream);
642642
let mut stream = iter.next_box().unwrap().unwrap();
643643
match super::read_video_sample_entry(&mut stream) {
644-
Err(Error::InvalidData(s)) => assert_eq!(s, "avcC box exceeds BUF_SIZE_LIMIT"),
644+
Err(Error::InvalidData(s)) => assert_eq!(s, "read_buf size exceeds BUF_SIZE_LIMIT"),
645645
Ok(_) => panic!("expected an error result"),
646646
_ => panic!("expected a different error result"),
647647
}
@@ -666,7 +666,7 @@ fn esds_limit() {
666666
let mut iter = super::BoxIter::new(&mut stream);
667667
let mut stream = iter.next_box().unwrap().unwrap();
668668
match super::read_audio_sample_entry(&mut stream) {
669-
Err(Error::InvalidData(s)) => assert_eq!(s, "esds box exceeds BUF_SIZE_LIMIT"),
669+
Err(Error::InvalidData(s)) => assert_eq!(s, "read_buf size exceeds BUF_SIZE_LIMIT"),
670670
Ok(_) => panic!("expected an error result"),
671671
_ => panic!("expected a different error result"),
672672
}

0 commit comments

Comments
 (0)