Commit d394a244 authored by Joseph Wallace's avatar Joseph Wallace

Bugfix: Cluster test could have read past the end of the input buffer.

Move the cluster test inside the space-to-read check with the other tests.
parent 9de8fe48
......@@ -588,7 +588,11 @@ static int ebml_wrote(ebml_t *ebml, int len)
/* Recognize tags of interest */
if (tag_length > 4) {
if (!memcmp(ebml->input_buffer + cursor, segment_id, 4)) {
if (!memcmp(ebml->input_buffer + cursor, cluster_id, 4)) {
/* Found a Cluster */
ebml->parse_state = EBML_STATE_START_CLUSTER;
break;
} else if (!memcmp(ebml->input_buffer + cursor, segment_id, 4)) {
/* Parse all Segment children */
payload_length = 0;
......@@ -678,16 +682,11 @@ static int ebml_wrote(ebml_t *ebml, int len)
}
}
/* Take appropriate next action */
if (!memcmp(ebml->input_buffer + cursor, cluster_id, 4)) {
/* Found a cluster */
ebml->parse_state = EBML_STATE_START_CLUSTER;
} else if (processing) {
/* Copy any data we don't need to probe any more */
if (processing) {
/* Non-cluster tag, copy it & children into buffer */
ebml->copy_len = tag_length + payload_length;
ebml->parse_state = copy_state;
}
} else if (tag_length == 0) {
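Review bot: The `if (tag_length > 4)` guard in the first hunk is now the only thing bounding the two 4-byte `memcmp` reads at `ebml->input_buffer + cursor`, and nothing on these lines says why it is sufficient. It holds only if a non-zero `tag_length` means the whole tag header is already buffered, which is computed outside the hunk, so I would record that next to the guard, e.g. `/* tag_length > 4: the tag header is fully buffered at cursor, so the 4-byte ID compares stay in bounds */`, after confirming it against the tag parser. The literal `4` appears in the guard and in both compares; a single named constant for the ID length would keep the check and the read size from drifting apart. The new `break` exits an enclosing construct that is not visible here, and `ebml_wrote` continues beyond both hunks, so it is worth checking that nothing the old fall-through path still needed is skipped. A regression input whose buffer ends inside the first four bytes of a tag would pin the fix.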
......