MKV EBML parser causes infinite loop
VLC 2.1.0 nightly, Linux 32-bit, revision 38156fee
http://people.videolan.org/~jb/android_test/CONT-4G.mkv
Messages log:
[0x9033438] main demux debug: looking for demux module matching "mkv": 61 candidates
[0x9033438] mkv demux debug: | + Information
[0x9033438] mkv demux debug: | | + Muxing Application=libebml-0.6.3 & libmatroska-0.6.1
[0x9033438] mkv demux debug: | | + Writing Application=VirtualDubMod 1.5.10.1 (build 2366/release)
[0x9033438] mkv demux debug: | | + UID=-376188122
[0x9033438] mkv demux debug: | | + Duration=45200
[0x9033438] mkv demux debug: | | + Date=Thu Jul 28 20:39:44 2005
[0x9033438] mkv demux debug: | + Seek head
[0x9033438] mkv demux debug: | | + ParseSeekHead Unknown (N7libebml9EbmlCrc32E)
[0x9033438] mkv demux debug: | | + Seek
[0x9033438] mkv demux debug: | - info at 36
[0x9033438] mkv demux debug: | + Information
[0x9033438] mkv demux debug: | | + Seek
[0x9033438] mkv demux debug: | - tracks at 1128
[0x9033438] mkv demux debug: | + Tracks
[0x9033438] mkv demux debug: | | + Track Entry
[0x9033438] mkv demux debug: | | | + Track Number=1
[0x9033438] mkv demux debug: | | | + Track UID=3918779174
[0x9033438] mkv demux debug: | | | + Track Type=video
[0x9033438] mkv demux debug: | | | + Track MinCache=1
[0x9033438] mkv demux debug: | | | + Track CodecId=V_MS/VFW/FOURCC
[0x9033438] mkv demux debug: | | | + Track CodecPrivate size=40
[0x9033438] mkv demux debug: | | | + Track Lacing=0
[0x9033438] mkv demux debug: | | | + Track Default Duration=40000000
[0x9033438] mkv demux debug: | | | + Track Video
[0x9033438] mkv demux debug: | | | | + width=720
[0x9033438] mkv demux debug: | | | | + height=400
[0x9033438] mkv demux debug: | | | | + display width=720
[0x9033438] mkv demux debug: | | | | + display height=400
[0x9033438] mkv demux debug: | | | | + Track Video Display Unit=pixels
[0x9033438] mkv demux debug: | | + Track Entry
[0x9033438] mkv demux debug: | | | + Track Number=2
[0x9033438] mkv demux debug: | | | + Track UID=2722841749
[0x9033438] mkv demux debug: | | | + Track Type=audio
[0x9033438] mkv demux debug: | | | + Track CodecId=A_MPEG/L3
[0x9033438] mkv demux debug: | | | + Track Audio
[0x9033438] mkv demux debug: | | | | + afreq=48000
[0x9033438] mkv demux debug: | | | | + achan=2
[0x9033438] mkv demux debug: | | + Seek
[0x9033438] mkv demux debug: | - unknown seekhead reference at 1420
[0x9033438] mkv demux debug: | | + Seek
[0x9033438] mkv demux debug: | - unknown seekhead reference at 81860
[0x9033438] mkv demux debug: | | + Seek
[0x9033438] mkv demux debug: | - unknown seekhead reference at 98330
[0x9033438] mkv demux debug: | | + Seek
[0x9033438] mkv demux debug: | - unknown seekhead reference at 110933
[0x9033438] mkv demux debug: | | + Seek
[0x9033438] mkv demux debug: | - unknown seekhead reference at 123536
[0x9033438] mkv demux debug: | | + Seek
[0x9033438] mkv demux debug: | - unknown seekhead reference at 198847
[0x9033438] mkv demux debug: | | + Seek
[0x9033438] mkv demux debug: | - unknown seekhead reference at 431937
[0x9033438] mkv demux debug: | | + Seek
[0x9033438] mkv demux debug: | - unknown seekhead reference at 865454
[0x9033438] mkv demux debug: | | + Seek
[0x9033438] mkv demux debug: | - unknown seekhead reference at 1344603
[0x9033438] mkv demux debug: | | + Seek
[0x9033438] mkv demux debug: | - unknown seekhead reference at 1824955
[0x9033438] mkv demux debug: | | + Seek
[0x9033438] mkv demux debug: | - unknown seekhead reference at 2124806
[0x9033438] mkv demux debug: | | + Seek
[0x9033438] mkv demux debug: | - unknown seekhead reference at 2253277
[0x9033438] mkv demux debug: | | + Seek
[0x9033438] mkv demux debug: | - unknown seekhead reference at 2368874
[0x9033438] mkv demux debug: | | + Seek
[0x9033438] mkv demux debug: | - unknown seekhead reference at 2476025
[0x9033438] mkv demux debug: | | + Seek
[0x9033438] mkv demux debug: | - unknown seekhead reference at 2570954
[0x9033438] mkv demux debug: | | + Seek
[0x9033438] mkv demux debug: | - unknown seekhead reference at 2681225
[0x9033438] mkv demux debug: | | + Seek
[0x9033438] mkv demux debug: | - unknown seekhead reference at 2797855
[0x9033438] mkv demux debug: | | + Seek
[0x9033438] mkv demux debug: | - unknown seekhead reference at 2914069
[0x9033438] mkv demux debug: | | + Seek
[0x9033438] mkv demux debug: | - unknown seekhead reference at 3028934
[0x9033438] mkv demux debug: | | + Seek
[0x9033438] mkv demux debug: | - unknown seekhead reference at 3133090
[0x9033438] mkv demux debug: | | + Seek
[0x9033438] mkv demux debug: | - unknown seekhead reference at 3238392
[0x9033438] mkv demux debug: | | + Seek
[0x9033438] mkv demux debug: | - unknown seekhead reference at 3296634
[0x9033438] mkv demux debug: | | + Seek
[0x9033438] mkv demux debug: | - unknown seekhead reference at 3356380
[0x9033438] mkv demux debug: | | + Seek
[0x9033438] mkv demux debug: | - unknown seekhead reference at 3408189
[0x9033438] mkv demux debug: | | + Seek
[0x9033438] mkv demux debug: | - unknown seekhead reference at 3461015
[0x9033438] mkv demux debug: | | + Seek
[0x9033438] mkv demux debug: | - unknown seekhead reference at 3506494
[0x9033438] mkv demux debug: | | + Seek
[0x9033438] mkv demux debug: | - unknown seekhead reference at 3536413
[0x9033438] mkv demux debug: | | + Seek
[0x9033438] mkv demux debug: | - unknown seekhead reference at 3564960
[0x9033438] mkv demux debug: | | + Seek
[0x9033438] mkv demux debug: | - unknown seekhead reference at 3597962
[0x9033438] mkv demux debug: | | + Seek
[0x9033438] mkv demux debug: | - unknown seekhead reference at 3626684
[0x9033438] mkv demux debug: | | + Seek
[0x9033438] mkv demux debug: | - unknown seekhead reference at 3686183
[0x9033438] mkv demux debug: | | + Seek
[0x9033438] mkv demux debug: | - unknown seekhead reference at 3749578
[0x9033438] mkv demux debug: | | + Seek
[0x9033438] mkv demux debug: | - unknown seekhead reference at 3820577
[0x9033438] mkv demux debug: | | + Seek
[0x9033438] mkv demux debug: | - unknown seekhead reference at 3878021
[0x9033438] mkv demux debug: | | + Seek
[0x9033438] mkv demux debug: | - unknown seekhead reference at 3951889
[0x9033438] mkv demux debug: | | + Seek
[0x9033438] mkv demux debug: | - unknown seekhead reference at 3996390
[0x9033438] mkv demux debug: | | + Seek
[0x9033438] mkv demux debug: | - unknown seekhead reference at 4048194
[0x9033438] mkv demux debug: | | + Seek
[0x9033438] mkv demux debug: | - unknown seekhead reference at 4112244
[0x9033438] mkv demux debug: | | + Seek
[0x9033438] mkv demux debug: | - unknown seekhead reference at 4176279
[0x9033438] mkv demux debug: | | + Seek
[0x9033438] mkv demux debug: | - unknown seekhead reference at 4238983
[0x9033438] mkv demux debug: | | + Seek
[0x9033438] mkv demux debug: | - unknown seekhead reference at 4316691
[0x9033438] mkv demux debug: | | + Seek
[0x9033438] mkv demux debug: | - unknown seekhead reference at 4354599
[0x9033438] mkv demux debug: | | + Seek
[0x9033438] mkv demux debug: | - unknown seekhead reference at 4384264
[0x9033438] mkv demux debug: | | + Seek
[0x9033438] mkv demux debug: | - unknown seekhead reference at 4413336
[0x9033438] mkv demux debug: | | + Seek
[0x9033438] mkv demux debug: | - unknown seekhead reference at 4547978
[0x9033438] mkv demux debug: | | + Seek
[0x9033438] mkv demux debug: | - cues at 4682755
[0x9033438] mkv demux debug: | + Cues
[0x9033438] mkv demux debug: * Unknown (N7libebml9EbmlCrc32E)
[0x9033438] mkv demux debug: | - loading cues done.
[0x9033438] mkv demux debug: | | + Seek
[0x9033438] mkv demux debug: | - tags at 4682925
[0x9033438] mkv demux debug: | + Tags
[0x9033438] mkv demux debug: + Tag
[0x9033438] mkv demux debug: | + Targets
[0x9033438] mkv demux debug: | | + TrackUID: 3918779174
[0x9033438] mkv demux debug: + Tag
[0x9033438] mkv demux debug: | + Targets
[0x9033438] mkv demux debug: | | + TrackUID: 2722841749
[0x9033438] mkv demux error: Dummy element too large or misplaced... skipping to next upper element
<some ~400 lines omitted>
[0x9033438] mkv demux error: Dummy element too large or misplaced... skipping to next upper element
[0x9033438] mkv demux error: Dummy element too large or misplaced... skipping to next upper element
zsh: segmentation fault (core dumped) ./vlc -vvv
Backtrace:
[#0](https://code.videolan.org/videolan/vlc/-/issues/0) FileRead (p_access=0x90a1920, p_buffer=0xac4494de "", i_len=17449) at ../../../modules/access/file.c:290
p_sys = 0x9060180
fd = <optimized out>
val = <optimized out>
[#1](https://code.videolan.org/videolan/vlc/-/issues/1) 0xb75a2171 in AReadStream (s=<optimized out>, p_read=0xac4494de, i_read=17449) at ../../src/input/stream.c:1660
p_sys = 0x90a1af0
p_access = <optimized out>
p_input = 0x90358b8
i_read_orig = 17449
[#2](https://code.videolan.org/videolan/vlc/-/issues/2) 0xb75a2696 in AStreamRefillStream (s=0x90a1a88) at ../../src/input/stream.c:1363
i_off = <optimized out>
i_read = 17449
p_sys = <optimized out>
tk = 0x90a1b48
i_toread = 17449
b_read = <optimized out>
i_start = 651363092311710448
i_stop = <optimized out>
[#3](https://code.videolan.org/videolan/vlc/-/issues/3) 0xb75a2cee in AStreamSeekStream (s=0x90a1a88, i_pos=4682959) at ../../src/input/stream.c:1263
p_sys = <optimized out>
p_current = <optimized out>
p_access = <optimized out>
b_aseek = true
b_afastseek = true
i_skip_threshold = 4683094
tk = 0x90a1b48
i_tk_idx = <optimized out>
__PRETTY_FUNCTION__ = "AStreamSeekStream"
[#4](https://code.videolan.org/videolan/vlc/-/issues/4) 0xb75a45b1 in stream_Control (s=0x90a1a88, i_query=2) at ../../src/input/stream.c:1888
args = 0xacc55218 "\317tG"
[#5](https://code.videolan.org/videolan/vlc/-/issues/5) 0xabf25ccd in stream_Seek (i_pos=<optimized out>, s=<optimized out>) at ../../../include/vlc_stream.h:151
No locals.
[#6](https://code.videolan.org/videolan/vlc/-/issues/6) vlc_stream_io_callback::setFilePointer (this=0x9035d60, i_offset=4682959, mode=libebml::seek_beginning) at ../../../modules/demux/mkv/stream_io_callback.cpp:71
i_pos = <optimized out>
i_size = -6033533916675795746
[#7](https://code.videolan.org/videolan/vlc/-/issues/7) 0xabe429de in libebml::EbmlElement::FindNextElement(libebml::IOCallback&, libebml::EbmlSemanticContext const&, int&, unsigned long long, bool, unsigned int) () from /usr/lib/libebml.so.3
No symbol table info available.
[#8](https://code.videolan.org/videolan/vlc/-/issues/8) 0xabe46cee in libebml::EbmlStream::FindNextElement(libebml::EbmlSemanticContext const&, int&, unsigned long long, bool, unsigned int) () from /usr/lib/libebml.so.3
No symbol table info available.
[#9](https://code.videolan.org/videolan/vlc/-/issues/9) 0xabf1f76b in EbmlParser::Get (this=0xb3a174c8, n_call=0) at ../../../modules/demux/mkv/Ebml_parser.cpp:170
i_ulev = 0
p_prev = 0x0
i_size = <optimized out>
<...some ~27000 lines omitted...>
[#5408](https://code.videolan.org/videolan/vlc/-/issues/5408) 0xabf1fad0 in EbmlParser::Get (this=0xb3a174c8, n_call=0) at ../../../modules/demux/mkv/Ebml_parser.cpp:238
b_bad_position = <optimized out>
i_ulev = 0
p_prev = 0x4774d6
i_size = <optimized out>
[#5409](https://code.videolan.org/videolan/vlc/-/issues/5409) 0xabf1fad0 in EbmlParser::Get (this=0xb3a174c8, n_call=0) at ../../../modules/demux/mkv/Ebml_parser.cpp:238
b_bad_position = <optimized out>
i_ulev = 0
p_prev = 0x4774d6
i_size = <optimized out>
[#5410](https://code.videolan.org/videolan/vlc/-/issues/5410) 0xabf11ed4 in matroska_segment_c::LoadTags (this=0xb3a170a0, tags=0xb3a172c0) at ../../../modules/demux/mkv/matroska_segment.cpp:344
p_tag = 0xb3a15e30
target_type = <optimized out>
ep = 0xb3a174c8
el = <optimized out>
[#5411](https://code.videolan.org/videolan/vlc/-/issues/5411) 0xabf12704 in matroska_segment_c::LoadSeekHeadItem (this=0xb3a170a0, ClassInfos=..., i_element_position=4682925) at ../../../modules/demux/mkv/matroska_segment.cpp:746
i_sav_position = 961
el = 0xb3a172c0
[#5412](https://code.videolan.org/videolan/vlc/-/issues/5412) 0xabf133b2 in matroska_segment_c::ParseSeekHead (this=0xb3a170a0, seekhead=0xb3a171c8) at ../../../modules/demux/mkv/matroska_segment_parse.cpp:146
id = <optimized out>
i_pos = <optimized out>
ep = 0xb3a17378
l = <optimized out>
b_seekable = true
[#5413](https://code.videolan.org/videolan/vlc/-/issues/5413) 0xabf0f057 in matroska_segment_c::Preload (this=0xb3a170a0) at ../../../modules/demux/mkv/matroska_segment.cpp:594
el = 0xb3a171c8
[#5414](https://code.videolan.org/videolan/vlc/-/issues/5414) 0xabf3cd8b in Open (p_this=0x90a1d18) at ../../../modules/demux/mkv/mkv.cpp:133
i = <optimized out>
p_sys = 0x90a6268
s_path = {static npos = <optimized out>, _M_dataplus = {<std::allocator<char>> = {<__gnu_cxx::new_allocator<char>> = {<No data fields>}, <No data fields>}, _M_p = 0xb71eb9dc ""}}
s_filename = {static npos = <optimized out>, _M_dataplus = {<std::allocator<char>> = {<__gnu_cxx::new_allocator<char>> = {<No data fields>}, <No data fields>}, _M_p = 0xb71eb9dc ""}}
p_io_callback = 0x9035d00
p_io_stream = <optimized out>
b_need_preload = <optimized out>
p_demux = 0x90a1d18
p_stream = 0xb3a0b048
p_segment = <optimized out>
p_peek = 0xabfd2008 "\032Eߣ\223B\202\210matroskaB\207\201\001B\205\201\001\030S\200g\001"
[#5415](https://code.videolan.org/videolan/vlc/-/issues/5415) 0xb75d51e0 in generic_start (func=0xabf3ca30, ap=0xaccd3ff8 " ") at ../../src/modules/modules.c:351
obj = <optimized out>
activate = 0xabf3ca30 <Open(vlc_object_t*)>
[#5416](https://code.videolan.org/videolan/vlc/-/issues/5416) 0xb75d525a in module_load (obj=<optimized out>, m=0x8ea7330, init=0xb75d51d0 <generic_start>, args=0xaccd3ff4 "\030\035\n\t ") at ../../src/modules/modules.c:185
ap = 0xaccd3ff4 "\030\035\n\t "
ret = 0
[#5417](https://code.videolan.org/videolan/vlc/-/issues/5417) 0xb75d590a in vlc_module_load (obj=0x90a1d18, capability=0xb76138f2 "demux", name=0xb7613c27 "", strict=true, probe=0xb75d51d0 <generic_start>) at ../../src/modules/modules.c:277
cand = 0x8ea7330
ret = <optimized out>
i = <optimized out>
buf = "any", '\000' <repeats 13 times>, "\020", '\000' <repeats 11 times>, " \000\000"
slen = <optimized out>
shortcut = 0xaccd3f9c "any"
var = 0x0
mods = 0x90a1d70
total = 61
module = 0x0
b_force_backup = false
args = 0xaccd3ff4 "\030\035\n\t "
[#5418](https://code.videolan.org/videolan/vlc/-/issues/5418) 0xb75d5d52 in module_need (obj=0x90a1d18, cap=0xb76138f2 "demux", name=0x8db0df8 "", strict=true) at ../../src/modules/modules.c:366
No locals.
[#5419](https://code.videolan.org/videolan/vlc/-/issues/5419) 0xb7589746 in demux_New (p_obj=0x90358b8, p_parent_input=0x90358b8, psz_access=0x903c2c8 "file", psz_demux=0xb762b04d "", psz_location=0x90a1ad8 "/tmp/CONT-4G.mkv", s=0x90a1a88, out=0x901bd18, b_quick=true) at ../../src/input/demux.c:188
p_demux = <optimized out>
psz_module = 0x8db0df8 ""
psz_ext = <optimized out>
[#5420](https://code.videolan.org/videolan/vlc/-/issues/5420) 0xb7597df8 in InputSourceInit (p_input=0x90358b8, in=<optimized out>, psz_mrl=0x8f973d0 "file:///tmp/CONT-4G.mkv", psz_forced_demux=0x0, b_in_can_fail=false) at ../../src/input/input.c:2588
i_input_list = <optimized out>
ppsz_input_list = <optimized out>
psz_stream_filter = 0x901bd18 "\300+Y\267\340*Y\267\220(Y\267\360\065Y\267P*Y\267\340X\003\t "
psz_access = 0x903c2c8 "file"
psz_demux = 0xb762b04d ""
psz_path = 0x903c2cf "/tmp/CONT-4G.mkv"
psz_anchor = 0xb762b04d ""
psz_var_demux = 0x0
f_fps = <optimized out>
__PRETTY_FUNCTION__ = "InputSourceInit"
psz_dup = 0x903c2c8 "file"
[#5421](https://code.videolan.org/videolan/vlc/-/issues/5421) 0xb7598e2f in Init (p_input=0x90358b8) at ../../src/input/input.c:1245
p_meta = <optimized out>
i = <optimized out>
i_length = <optimized out>
[#5422](https://code.videolan.org/videolan/vlc/-/issues/5422) 0xb759aaef in input_Preparse (p_parent=0x8eb1ca0, p_item=0x909e7f8) at ../../src/input/input.c:201
p_input = 0x90358b8
[#5423](https://code.videolan.org/videolan/vlc/-/issues/5423) 0xb7576ac8 in Preparse (p_item=0x909e7f8, obj=<optimized out>) at ../../src/playlist/preparser.c:137
i_type = <optimized out>
[#5424](https://code.videolan.org/videolan/vlc/-/issues/5424) Thread (data=0x8eb26d0) at ../../src/playlist/preparser.c:217
p_current = 0x909e7f8
p_preparser = 0x8eb26d0
obj = 0x8eb1ca0
[#5425](https://code.videolan.org/videolan/vlc/-/issues/5425) 0xb77d6d31 in start_thread (arg=0xaccd4b70) at pthread_create.c:304
__res = <optimized out>
pd = 0xaccd4b70
now = <optimized out>
unwind_buf = {cancel_jmp_buf = {{jmp_buf = {-1216446476, 0, 4001536, -1395833704, 563475555, 1103664724}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}}
not_first_call = <optimized out>
robust = <optimized out>
pagesize_m1 = <optimized out>
sp = <optimized out>
freesize = <optimized out>
__PRETTY_FUNCTION__ = "start_thread"
#5426 (closed) 0xb771f87e in clone () at ../sysdeps/unix/sysv/linux/i386/clone.S:130 No locals. Backtrace stopped: Not enough registers or memory available to unwind further }}}