x RIFF: fix bad seek in big chunks e.g. aXML with odd size

MediaArea · Nov 28, 2024 · 075664b · 075664b
1 parent fcf80a1
commit 075664b
Showing 1 changed file with 6 additions and 19 deletions.
diff --git a/Source/MediaInfo/Multiple/File_Riff.cpp b/Source/MediaInfo/Multiple/File_Riff.cpp
@@ -833,24 +833,26 @@ bool File_Riff::Header_Begin()
                     Element_Size-=BlockAlign;
                 if (Element_Size==0)
                     Element_Size=BlockAlign;
-                if (Buffer_Offset+Element_Size>Buffer_Size)
+                if (Element_Size>Buffer_Size-Buffer_Offset)
                     return false;
             }
             else
         #endif //MEDIAINFO_DEMUX
-        if (File_Offset+Buffer_Size<=Buffer_DataToParse_End)
+        if (File_Offset+Buffer_Size<Buffer_DataToParse_End)
         {
-            Element_Size=Buffer_Size; //All the buffer is used
+            Element_Size=Buffer_Size-Buffer_Offset; //All the buffer is used
             Alignement_ExtraByte=0;
         }
         else
         {
             Element_Size=Buffer_DataToParse_End-(File_Offset+Buffer_Offset);
 
             //Alignment
-            if (Element_Size%2 && File_Offset+Buffer_Size>=Buffer_DataToParse_End && Buffer_DataToParse_End<File_Size)
+            if (Buffer_DataToParse_End%2 && Buffer_DataToParse_End<File_Size)
             {
                 Element_Size++; //Always 2-byte aligned
+                if ((size_t)Element_Size>Buffer_Size-Buffer_Offset)
+                    return false;
                 Alignement_ExtraByte=1;
             }
             else
@@ -859,9 +861,6 @@ bool File_Riff::Header_Begin()
             Buffer_DataToParse_End=0;
         }
 
-        if (Buffer_Offset+(size_t)Element_Size>Buffer_Size)
-            return false;
-
         // Fake header
         Element_Begin1("...Continued"); //TODO: better method
         Element_ThisIsAList();
@@ -878,10 +877,6 @@ bool File_Riff::Header_Begin()
             Header_Fill_Size(Element_Size);
         Element_End();
 
-        //Alignement specific
-        if (Alignement_ExtraByte && Alignement_ExtraByte<=Element_Size)
-            Element_Size-=Alignement_ExtraByte;
-
         switch (Kind)
         {
             case Kind_Wave : WAVE_data_Continue(); break;
@@ -891,14 +886,6 @@ bool File_Riff::Header_Begin()
             default        : AVI__movi_xxxx();
         }
 
-        //Alignement specific
-        if (Alignement_ExtraByte)
-        {
-            Element_Size+=Alignement_ExtraByte;
-            if (Element_Offset+Alignement_ExtraByte==Element_Size)
-                Skip_XX(Alignement_ExtraByte,                       "Alignement");
-        }
-
         bool ShouldStop=false;
         if (Kind!=Kind_Axml && Config->ParseSpeed<1.0 && File_Offset+Buffer_Offset+Element_Offset-Buffer_DataToParse_Begin>=256*1024)
         {