Skip to content

Use readOrThrow in MatroskaVideo::decodeBlock for EOF detection#9282

Open
MarkLee131 wants to merge 1 commit intoExiv2:mainfrom
MarkLee131:fix/matroska-check-read-return
Open

Use readOrThrow in MatroskaVideo::decodeBlock for EOF detection#9282
MarkLee131 wants to merge 1 commit intoExiv2:mainfrom
MarkLee131:fix/matroska-check-read-return

Conversation

@MarkLee131
Copy link
Copy Markdown

@MarkLee131 MarkLee131 commented Mar 29, 2026

Fix #9281:

Four io_->read() calls in decodeBlock() do not check the return value. On a truncated file, the buffer may contain stale data from the previous iteration.

Replace them with readOrThrow() to throw on short reads. This is consistent with the ASF parser fix in PR #3005.

@MarkLee131
Use readOrThrow in MatroskaVideo::decodeBlock for EOF detection
0a70dfe 
Four io_->read() calls in decodeBlock() do not check the return
value. On a truncated file, the buffer may contain stale data
from the previous iteration.

Replace them with readOrThrow() to throw on short reads. This
is consistent with the ASF parser fix in PR Exiv2#3005.
Copilot AI review requested due to automatic review settings March 29, 2026 15:03
Copilot AI reviewed Mar 29, 2026
View reviewed changes
Copy link
Copy Markdown

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR updates the Matroska (MKV) metadata parser to avoid using partially-read buffers when parsing truncated files, aligning behavior with prior EOF-handling hardening done in other parsers.

Changes:

  • Replace four unchecked io_->read() calls in MatroskaVideo::decodeBlock() with io_->readOrThrow(...).
  • Ensure short reads during tag-id, size, and payload reads are treated as corrupted metadata (exception) instead of silently continuing.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

src/matroskavideo.cpp
Comment on lines 660 to +662
}

io_->read(buf, 1);
io_->readOrThrow(buf, 1, ErrorCode::kerCorruptedMetadata);
Copy link

Copilot AI Mar 29, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

decodeBlock() still uses io_->read(buf, 1) for the first byte and only checks eof(). If the read fails due to an I/O error (e.g., ferror) without setting EOF, buf[0] can remain uninitialized and the subsequent tag parsing will use garbage. Consider checking the returned byte count and io_->error(), or switching to readOrThrow() with a special-case for clean EOF (0 bytes + eof()) to stop traversal.

Copilot uses AI. Check for mistakes.
src/matroskavideo.cpp
Comment on lines 684 to +686

DataBuf buf2(bufMaxSize + 1);
io_->read(buf2.data(), size);
io_->readOrThrow(buf2.data(), size, ErrorCode::kerCorruptedMetadata);
Copy link

Copilot AI Mar 29, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

These new readOrThrow() paths change truncated-file behavior from “silently continue with stale/partial data” to “throw kerCorruptedMetadata”. Since there are existing gtest unit tests for MatroskaVideo, it would be good to add a regression test that feeds a minimal valid MKV header followed by a truncated element and asserts readMetadata() throws (and does not populate metadata).

Copilot uses AI. Check for mistakes.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Matroska parser does not check return values of io_->read() in decodeBlock()

2 participants

@MarkLee131