From 7b740916f2391f57a83a3e13d74997c4a285260f Mon Sep 17 00:00:00 2001
From: Steve Lhomme
Date: Tue, 2 Jun 2026 11:37:54 +0200
Subject: [PATCH] EbmlMaster: fix leak on upper element found inside the last element We found an upper element and there is not data to read after the current element within its parent. That upper element is misplaced and should be discarded. The last element is truncated and doesn't contain the rest of its data.
---
 src/EbmlMaster.cpp | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)
diff --git a/src/EbmlMaster.cpp b/src/EbmlMaster.cpp
index 87ea59f3..e24466d1 100644
--- a/src/EbmlMaster.cpp
+++ b/src/EbmlMaster.cpp
@@ -359,8 +359,13 @@ void EbmlMaster::Read(EbmlStream & inDataStream, const EbmlSemanticContext & sCo
 if (UpperEltFound) {
 --UpperEltFound;
- if (UpperEltFound > 0 || MaxSizeToRead <= 0)
+ if (UpperEltFound > 0)
 goto processCrc;
+ if (MaxSizeToRead <= 0) {
+ delete FoundElt;
+ FoundElt = nullptr;
+ goto processCrc;
+ }
 ElementLevelA = FoundElt;
 }
@@ -372,6 +377,11 @@ void EbmlMaster::Read(EbmlStream & inDataStream, const EbmlSemanticContext & sCo
 UpperEltFound--;
 if (UpperEltFound > 0 || MaxSizeToRead <= 0)
 goto processCrc;
+ if (MaxSizeToRead <= 0) {
+ delete FoundElt;
+ FoundElt = nullptr;
+ goto processCrc;
+ }
 ElementLevelA = FoundElt;
 continue;
 }
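Review bot: The new `MaxSizeToRead <= 0` branch in the first hunk (`@@ -359,8 +359,13 @@`) deletes `FoundElt` without a comment saying why this path owns the element while the `if (UpperEltFound > 0)` path just above leaves it untouched. The reason is only in the commit message; a line such as `// misplaced upper element with nothing left to read in this master: discard it` above the `delete` would keep it next to the code. The declaration of `FoundElt` is outside the hunk, so it is presumably handed up to the caller on the `UpperEltFound > 0` path; if so, the comment should say that as well. The body of `EbmlMaster::Read` starts and ends outside the hunk.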
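Review bot: The block added in the second hunk (`@@ -372,6 +377,11 @@`) cannot be reached, because the unchanged line above it, `if (UpperEltFound > 0 || MaxSizeToRead <= 0)`, already jumps to `processCrc` whenever `MaxSizeToRead <= 0`, so `FoundElt` is still not freed on this path. The first hunk narrows that condition, and the same change is needed here: `if (UpperEltFound > 0)`. This parser reads file data that can be truncated or malformed, so a leak repeated per element is a memory-exhaustion risk; a truncated-input test run under a leak checker would confirm both paths. The loop this code sits in starts and ends outside the hunk.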