mkv: Return error instead of panicing when reading the wrong EBML ele…

…ment.

The SeekHeadElement may contain an invalid element type and position
pair. We can't assume what we are reading at the the position is
the stated element type. Since this was an assertion a malicious or
broken file could trigger it. Return an error instead.

Fixes #201.

symphonia-format-mkv/src/demuxer.rs

@@ -390,6 +390,10 @@ impl FormatReader for MkvReader {
 
             for (etype, pos) in seek_positions {
                 it.seek(pos)?;
+
+                // Safety: The element type or position may be incorrect. The element iterator will
+                // validate the type (as declared in the header) of the element at the seeked
+                // position against the element type asked to be read.
                 match etype {
                     ElementType::Tracks => {
                         segment_tracks = Some(it.read_element::<TracksElement>()?);

symphonia-format-mkv/src/ebml.rs

@@ -341,11 +341,11 @@ impl<R: ReadBytes> ElementIterator<R> {
     /// [Self::read_header] or [Self::read_child_header].
     pub(crate) fn read_element_data<E: Element>(&mut self) -> Result<E> {
         let header = self.current.expect("EBML header must be read before calling this function");
-        assert_eq!(
-            header.etype,
-            E::ID,
-            "EBML element type must be checked before calling this function"
-        );
+
+        // Ensure the EBML element header has the same element type as the one being read.
+        if header.etype != E::ID {
+            return decode_error("mkv: unexpected EBML element");
+        }
 
         let element = E::read(&mut self.reader, header)?;
         // Update position to match the position element reader finished at