From 5830fc42252b22b56997906a47342d4fb1626b26 Mon Sep 17 00:00:00 2001
From: Thomas Goyne <plorkyeran@aegisub.org>
Date: Tue, 20 May 2014 09:44:20 -0700
Subject: [PATCH] Don't limit CodecPrivate to 256KB

---
 src/MatroskaParser.c | 18 +++++++++++++++---
 1 file changed, 15 insertions(+), 3 deletions(-)

diff --git a/src/MatroskaParser.c b/src/MatroskaParser.c
index 83f00f77c..c50f494f6 100644
--- a/src/MatroskaParser.c
+++ b/src/MatroskaParser.c
@@ -151,6 +151,8 @@ struct MatroskaFile {
   int	      bufpos; // current read position in buffer
   int	      buflen; // valid bytes in buffer
 
+  void	      *cpbuf;
+
   // error reporting
   char	      errmsg[128];
   jmp_buf     jb;
@@ -407,6 +409,9 @@ static void   myvsnprintf(char *dest,unsigned dsize,const char *fmt,va_list ap)
 static void   errorjmp(MatroskaFile *mf,const char *fmt, ...) {
   va_list   ap;
 
+  mf->cache->memfree(mf->cache, mf->cpbuf);
+  mf->cpbuf = NULL;
+
   va_start(ap, fmt);
   myvsnprintf(mf->errmsg,sizeof(mf->errmsg),fmt,ap);
   va_end(ap);
@@ -1330,10 +1335,14 @@ static void parseTrackEntry(MatroskaFile *mf,uint64_t toplen) {
     case 0x63a2: // CodecPrivate
       if (cp)
 	errorjmp(mf,"Duplicate CodecPrivate");
-      if (len>262144) // 256KB
-	errorjmp(mf,"CodecPrivate is too large: %d",(int)len);
       cplen = (unsigned)len;
-      cp = alloca(cplen);
+      if (len > 262144) { // 256KB
+	cp = mf->cpbuf = mf->cache->memalloc(mf->cache, cplen);
+	if (!cp)
+	  errorjmp(mf,"Out of memory");
+      }
+      else
+	cp = alloca(cplen);
       readbytes(mf,cp,(int)cplen);
       break;
     case 0x258688: // CodecName
@@ -1514,9 +1523,12 @@ static void parseTrackEntry(MatroskaFile *mf,uint64_t toplen) {
 
 static void parseTracks(MatroskaFile *mf,uint64_t toplen) {
   mf->seen.Tracks = 1;
+  mf->cpbuf = NULL;
   FOREACH(mf,toplen)
     case 0xae: // TrackEntry
       parseTrackEntry(mf,len);
+      mf->cache->memfree(mf->cache, mf->cpbuf);
+      mf->cpbuf = NULL;
       break;
   ENDFOR(mf);
 }