From 6a14c30e3bbf5f665eeab5d54723ddc6690d2978 Mon Sep 17 00:00:00 2001
From: Vicki Pfau
Date: Mon, 24 Apr 2017 14:01:14 -0700
Subject: [PATCH] Core: Enforce max mVL block size
---
 src/feature/video-logger.c | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/src/feature/video-logger.c b/src/feature/video-logger.c
index ee773795b..98b6956db 100644
--- a/src/feature/video-logger.c
+++ b/src/feature/video-logger.c
@@ -22,6 +22,7 @@
 #endif
 #define BUFFER_BASE_SIZE 0x20000
+#define MAX_BLOCK_SIZE 0x800000
 const char mVL_MAGIC[] = "mVL\0";
@@ -530,6 +531,12 @@ bool _readBlockHeader(struct mVideoLogContext* context, struct mVLBlockHeader* h
 LOAD_32LE(header->length, 0, &buffer.length);
 LOAD_32LE(header->channelId, 0, &buffer.channelId);
 LOAD_32LE(header->flags, 0, &buffer.flags);
+
+ if (header->length > MAX_BLOCK_SIZE) {
+ // Pre-emptively reject blocks that are too big.
+ // If we encounter one, the file is probably corrupted.
+ return false;
+ }
 return true;
 }
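Review bot: The new bound in `_readBlockHeader` runs only after `header->length`, `channelId` and `flags` have been stored, so on the `return false` path the out-parameter still holds the oversized, file-supplied length. Callers that size a read or allocation from `header->length` must check the return value first, and whether they do is not visible in this hunk (the function starts above it). The comparison also rejects large values only if `length` is an unsigned field, which looks likely from `LOAD_32LE` but should be confirmed. I would document the limit where the first hunk defines it, e.g. `/* Largest block payload accepted from a log file; anything bigger is treated as corruption */` above `#define MAX_BLOCK_SIZE 0x800000`, and state in the function's comment that `header` must not be used when it returns false.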