[Matroska-devel] libmatroska CVS + EbmlMaster::Read == b0rk

Cyrius suiryc at yahoo.com
Fri Jan 16 01:48:08 CET 2004


Let's go straight to the point :p
The current libmatroska CVS has some parts hidden (e.g. some EBML
elements that will either be removed, or changed, or whatever) such as
KaxTrackFlagEnabled, .... and KaxTrackVideoDisplayUnit (or something
like that).

This triggers a bug when calling EbmlMaster::Read.
An example, in the KaxTracks element:

Here is the content of the element:

|  +->...
|  +->KaxTrackVideo
|     +->...
|     +->KaxTrackVideoDisplayUnit
|  +->...

Currently in the CVS, KaxTrackVideoDisplayUnit has been hidden (in other
words it isn't recognized as a valid EBML element in the matroska

Now when I call Read on the first KaxTrackEntry (which thus actually
calls EbmlMaster::Read), everything goes fine ... until the code reaches
this last (now hidden) element (display unit).

At this point the call stack would be :


What would happen in the past (when the element was still recognized) :

FindNextElement finds the KaxTrackVideoDisplayUnit (at the same level
as the previous element, i.e. UpperElementLevel==0), and returns it.
EbmlMaster::Read (KaxTrackVideo level) then continues its loop to read
elements :

(line 417)
while (ElementLevelA != NULL && MaxSizeToRead > 0 && UpperEltFound <=

Then the code calls ElementLevelA->Read to fill the element. Since it
was the last one, now MaxSizeToRead==0, and the code leaves the loop and
the Read function returns (with UpperEltFound == 0)

EbmlMaster::Read (KaxTrackEntry level) had just called
ElementLevelA->Read (ElementLevelA being the KaxTrackVideo), and since
MaxSizeToRead==0, it also returns (again with UpperEltFound == 0)

Since UpperEltFound==0, the calling code (VirtualDubMod) then asks the
library to find the next EBML element and all is fine.

What happens now :

FindNextElement doesn't recognize KaxTrackVideoDisplayUnit and thus
keeps on searching. Since it was the last element inside the first
KaxTrackEntry, it finally finds the next KaxTrackEntry. It thus returns
with UpperElementLevel==2 (indeed a KaxTrackEntry is 2 levels higher
than the elements inside a KaxTrackVideo element).

EbmlMaster::Read (KaxTrackVideo level) then leaves the loop at once
because UpperEltFound>0 (see the 'while' test).
It thus returns, with UpperEltFound==2.

EbmlMaster::Read (KaxTrackEntry level) had just called
ElementLevelA->Read, and since MaxSizeToRead==0 it also returns (with

So now the calling code gets a UpperEltLevel==2 as answer from
libmatroska (compared to 0 in the past) and thus thinks that the next
element is 2 levels higher. This was of course true inside libmatroska
(the next element, a KaxTrackEntry, is indeed 2 levels higher than the
KaxTrackVideo children), but completely wrong for the calling code
(which is only inside KaxTracks, i.e. already at the KaxTrackEntry
This of course makes the calling code unable to correctly process the
next elements until it reaches an element at an upper level.

Best regards
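
The level accounting described in the message above, as an added C++ model that is neither libmatroska/libebml code nor part of the original post. It shows why a count measured relative to the innermost reader is wrong for the application. Assumptions: the `Elt` list, the `OtherChild` placeholder, `read_master`, `caller_sees` and the `adjust` correction (drop one level per Read returned through) are all hypothetical.

```cpp
#include <cstddef>
#include <cstdio>
#include <string>
#include <vector>

// One entry of a pre-order element list. `desc` (number of descendant entries)
// stands in for the master's data size, i.e. the MaxSizeToRead budget.
struct Elt { std::string name; int depth; std::size_t desc; bool known; };

// Constructed sample following the tree in the message (KaxTracks is depth 0).
// "OtherChild" is a placeholder for the elided "..." children.
std::vector<Elt> sample(bool displayUnitKnown) {
    return {
        {"KaxTrackEntry", 1, 3, true},
        {"KaxTrackVideo", 2, 2, true},
        {"OtherChild", 3, 0, true},
        {"KaxTrackVideoDisplayUnit", 3, 0, displayUnitKnown},
        {"KaxTrackEntry", 1, 0, true},
    };
}

// Model of a master Read: consumes the children of s[pos] and returns the
// upper-level count handed to its caller. With adjust == false the count is
// passed up unchanged (the behaviour reported); with adjust == true it drops
// by one per Read returned through (an assumed correction).
int read_master(const std::vector<Elt>& s, std::size_t& pos, bool adjust) {
    const int childDepth = s[pos].depth + 1;
    const std::size_t end = pos + 1 + s[pos].desc;
    ++pos;
    while (pos < end) {
        // Unrecognized IDs are skipped, even past this master's end.
        while (pos < s.size() && !s[pos].known) ++pos;
        if (pos == s.size()) break;
        int upper = childDepth - s[pos].depth;  // 0: our child, >0: an ancestor's
        if (upper == 0) upper = read_master(s, pos, adjust);
        if (upper > 0) return adjust ? upper - 1 : upper;
    }
    return 0;
}

// What the application sees after Read on the first KaxTrackEntry.
int caller_sees(bool displayUnitKnown, bool adjust) {
    std::vector<Elt> s = sample(displayUnitKnown);
    std::size_t pos = 0;
    return read_master(s, pos, adjust);
}

int main() {
    std::printf("recognized: %d\n", caller_sees(true, false));
    std::printf("hidden, unchanged count: %d\n", caller_sees(false, false));
    std::printf("hidden, adjusted count: %d\n", caller_sees(false, true));
}
```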
