Skip to content

Commit

Permalink
bug #111 QuickTime stsd number_entries deadlock
Browse files Browse the repository at this point in the history 
If an incorrect value is set in stsd.number_entries then the script can
appear to hang (not infinite, but very long loop). Detect, provide
warning, override as necessary.
  • Loading branch information
@JamesHeinrich
JamesHeinrich committed Jun 11, 2017
1 parent 7fc5e5d commit 335f544
Show file tree
Hide file tree
Showing 2 changed files with 15 additions and 1 deletion.
2 changes: 1 addition & 1 deletion getid3/getid3.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -112,7 +112,7 @@ class getID3
protected $startup_error = '';
protected $startup_warning = '';

const VERSION = '1.9.14-201706091118';
const VERSION = '1.9.14-201706111222';
const FREAD_BUFFER_SIZE = 32768;

const ATTACHMENTS_NONE = false;
Expand Down
14 changes: 14 additions & 0 deletions getid3/module.audio-video.quicktime.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -722,6 +722,20 @@ public function QuicktimeParseAtom($atomname, $atomsize, $atom_data, $baseoffset
$atom_structure['version'] = getid3_lib::BigEndian2Int(substr($atom_data, 0, 1));
$atom_structure['flags_raw'] = getid3_lib::BigEndian2Int(substr($atom_data, 1, 3)); // hardcoded: 0x0000
$atom_structure['number_entries'] = getid3_lib::BigEndian2Int(substr($atom_data, 4, 4));

// see: https://github.com/JamesHeinrich/getID3/issues/111
// Some corrupt files have been known to have high bits set in the number_entries field
// This field shouldn't really need to be 32-bits, values stores are likely in the range 1-100000
// Workaround: mask off the upper byte and throw a warning if it's nonzero
if ($atom_structure['number_entries'] > 0x000FFFFF) {
if ($atom_structure['number_entries'] > 0x00FFFFFF) {
$this->warning('"stsd" atom contains improbably large number_entries (0x'.getid3_lib::PrintHexBytes(substr($atom_data, 4, 4), true, false).' = '.$atom_structure['number_entries'].'), probably in error. Ignoring upper byte and interpreting this as 0x'.getid3_lib::PrintHexBytes(substr($atom_data, 5, 3), true, false).' = '.($atom_structure['number_entries'] & 0x00FFFFFF));
$atom_structure['number_entries'] = ($atom_structure['number_entries'] & 0x00FFFFFF);
} else {
$this->warning('"stsd" atom contains improbably large number_entries (0x'.getid3_lib::PrintHexBytes(substr($atom_data, 4, 4), true, false).' = '.$atom_structure['number_entries'].'), probably in error. Please report this to info@getid3.org referencing bug report #111');
}
}

$stsdEntriesDataOffset = 8;
for ($i = 0; $i < $atom_structure['number_entries']; $i++) {
$atom_structure['sample_description_table'][$i]['size'] = getid3_lib::BigEndian2Int(substr($atom_data, $stsdEntriesDataOffset, 4));
Expand Down

0 comments on commit 335f544

Please sign in to comment.