[FFmpeg-cvslog] avio: exit early in fill_buffer without read_packet
Janne Grunau
git at videolan.org
Thu Jan 5 02:18:54 CET 2012
ffmpeg | branch: master | Janne Grunau <janne-libav at jannau.net> | Tue Jan 3 18:11:36 2012 +0100| [a2d1d216291fd8c1f4a8b3bad4f0b50c084ba96d] | committer: Janne Grunau
avio: exit early in fill_buffer without read_packet
Fixes an invalid free() with ass in avi. The sample in bug 98 passes
parts of AVPacket.data as buffer for the AVIOContext. Since the packet
is quite large fill_buffer tries to reallocate the buffer before doing
nothing. Fixes bug 98.
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=a2d1d216291fd8c1f4a8b3bad4f0b50c084ba96d
---
libavformat/aviobuf.c | 4 ++++
1 files changed, 4 insertions(+), 0 deletions(-)
diff --git a/libavformat/aviobuf.c b/libavformat/aviobuf.c
index 898f35d..dbbbba5 100644
--- a/libavformat/aviobuf.c
+++ b/libavformat/aviobuf.c
@@ -565,6 +565,10 @@ static void fill_buffer(AVIOContext *s)
int len= s->buffer_size - (dst - s->buffer);
int max_buffer_size = s->max_packet_size ? s->max_packet_size : IO_BUFFER_SIZE;
+ /* can't fill the buffer without read_packet, just set EOF if appropiate */
+ if (!s->read_packet && s->buf_ptr >= s->buf_end)
+ s->eof_reached = 1;
+
/* no need to do anything if EOF already reached */
if (s->eof_reached)
return;
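Review bot: the new guard at the top of fill_buffer only takes the early exit when `s->buf_ptr >= s->buf_end`; with `!s->read_packet` and unread bytes still in the buffer, `eof_reached` stays 0 and execution continues past the `if (s->eof_reached) return;` check into the rest of the function, which per the commit message is where the buffer reallocation happens. If fill_buffer can be entered in that state, a buffer the AVIOContext does not own (here part of AVPacket.data) can still reach that path. Consider returning whenever there is no read_packet, for example `if (!s->read_packet) { if (s->buf_ptr >= s->buf_end) s->eof_reached = 1; return; }`, and have the comment state that the buffer may be caller-owned and must not be reallocated. Minor: "appropiate" in the added comment should be "appropriate".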