sannies / mp4parser

A Java API to read, write and create MP4 files
Apache License 2.0

Infinite loop in AbstractBox #411

Closed tballison closed 4 years ago

tballison commented 4 years ago

I found an infinite loop via fuzzing in AbstractBox:

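public void parse(DataSource dataSource, ByteBuffer header, long contentSize, BoxParser boxParser) throws IOException {
    this.offset = dataSource.position() - (long) header.remaining();
    this.dataSource = dataSource;
    // Buffer is sized from the length declared in the box header.
    this.content = ByteBuffer.allocate(CastUtils.l2i(contentSize));

    while (this.content.remaining() > 0) {
        // Return value is ignored, so an end-of-stream result (-1) never ends the loop.
        dataSource.read(this.content);
    }
    // ... (rest of the method is not shown in the report)
}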

dataSource.read() can return -1. The code doesn't check for this.
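The failure mode reported above, shown as an added example that is not part of the issue or of the mp4parser code base: a fill loop that treats a negative read result as truncation instead of retrying. It assumes `java.nio.channels.ReadableByteChannel` as a stand-in for the project's `DataSource`; `readFully`, `ReadFullyExample` and the sample bytes are hypothetical names and constructed data.

```java
import java.io.ByteArrayInputStream;
import java.io.EOFException;
import java.io.IOException;
import java.nio.ByteBuffer;
import java.nio.channels.Channels;
import java.nio.channels.ReadableByteChannel;

public class ReadFullyExample {

    // Fills dst completely or throws; it cannot spin once the source is exhausted.
    // ReadableByteChannel stands in for the project's DataSource (assumption).
    static void readFully(ReadableByteChannel src, ByteBuffer dst) throws IOException {
        while (dst.hasRemaining()) {
            int n = src.read(dst);
            if (n < 0) {
                // End of stream before the declared size was reached: the input is truncated.
                throw new EOFException("box content truncated: "
                        + dst.remaining() + " bytes missing");
            }
        }
    }

    public static void main(String[] args) throws IOException {
        // Constructed input: the header declares 16 content bytes, only 4 are present.
        byte[] truncated = {1, 2, 3, 4};
        long declaredContentSize = 16;

        try (ReadableByteChannel ch =
                     Channels.newChannel(new ByteArrayInputStream(truncated))) {
            // Math.toIntExact rejects sizes that do not fit in an int instead of wrapping.
            ByteBuffer content = ByteBuffer.allocate(Math.toIntExact(declaredContentSize));
            try {
                readFully(ch, content);
                System.out.println("read complete");
            } catch (EOFException e) {
                // A fuzzed or truncated file ends up here rather than hanging the parser.
                System.out.println("rejected: " + e.getMessage());
            }
        }
    }
}
```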

tballison commented 4 years ago

Triggering file

testMP4.m4a-5-0-10.gz

tballison commented 4 years ago

Sorry. Not a problem.