Highlights
Integer Overflow: 3 prior fixes. Scrutinize any change in this area.
mkvparser.cpp: most-fixed (2 issues). Treat as high-risk during review.
4 high-severity fixes in this history; regressions here are high-impact.
Recurring patterns
The bug types that recur here, drawn from past fixes, not open vulnerabilities.
Integer Overflow: A high risk of integer truncation exists in MKV parser logic when handling large metadata structures like CuePoint track positions or unsigned 64-bit UIDs. High-bit set overflows can lead to sign-extension truncation, which bypassed status checks or caused out-of-bounds indexing.
Memory Corruption: Integer overflows when aggregating and counting internal MKV container elements (SeekHead, CuePoint, Tracks) directly translate to incorrect allocation counts and subsequent out-of-bounds memory writes during structural parsing.
Use After Free: The Segment frame queue in the muxer can enter an inconsistent state during write failures, leaving deleted frame pointers in the active queue and culminating in use-after-free and null pointer dereferences.