[Ffmpeg-devel] Re: [PATCH] mov.c clean and enhancements
Baptiste COUDURIER
baptiste.coudurier
Sat Feb 18 13:19:31 CET 2006
Michael Niedermayer wrote:
> Hi
>
> [...]
>> +static int mov_read_alac(MOVContext *c, ByteIOContext *pb, MOV_atom_t atom)
>> +{
>> + AVStream *st = c->fc->streams[c->fc->nb_streams-1];
>> +
>> + // currently ALAC decoder expect full atom header - so let's fake it
>> + // this should be fixed and just ALAC header should be passed
>> +
>> + av_free(st->codec->extradata);
>> + st->codec->extradata_size = atom.size + 8;
>> + st->codec->extradata = (uint8_t*) av_mallocz(st->codec->extradata_size + FF_INPUT_BUFFER_PADDING_SIZE);
>> +
>> + if (st->codec->extradata) {
>> + strcpy(st->codec->extradata + 4, "alac"); // fake
>> + get_buffer(pb, st->codec->extradata + 8, atom.size);
>> + dprintf("Reading alac %Ld %s\n", atom.size, (char*)st->codec->extradata);
>> + } else
>> + url_fskip(pb, atom.size);
>> + return 0;
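Review bot: extradata_size is set to atom.size + 8 before the av_mallocz result is checked, so on the else path (allocation failed) the stream keeps extradata == NULL together with a non-zero extradata_size. Assign the size only inside the "if (st->codec->extradata)" branch, or reset it to 0 in the else branch. In the same branch the return value of get_buffer is ignored, so a truncated file leaves extradata_size claiming more bytes than were read, and the dprintf "%s" on extradata prints an empty string because bytes 0-3 are still zero from av_mallocz.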
>
> is there anything which prevents atom.size + 8 + FF_INPUT_BUFFER_PADDING_SIZE
> from overflowing? if no then extradata will be too small and you have a heap
> overflow
>
>
> [...]
>
OK, is it better this way?
--
Baptiste COUDURIER GnuPG Key Id: 0x5C1ABAAA
SMARTJOG S.A. http://www.smartjog.com
Key fingerprint 8D77134D20CC9220201FC5DB0AC9325C5C1ABAAA
Phone: +33 1 49966312
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: mov_stsd_audio_clean.patch
URL: <http://lists.mplayerhq.hu/pipermail/ffmpeg-devel/attachments/20060218/4c2325c2/attachment.asc>
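The overflow Michael asks about can be shown with a small added example, which is not part of the original message or the FFmpeg source. It assumes a 64-bit atom size whose padded sum ends up in a 32-bit size, and uses a constructed padding value of 8 in place of FF_INPUT_BUFFER_PADDING_SIZE; the function names are hypothetical.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed values for this example; not taken from the FFmpeg tree. */
#define HEADER  8  /* faked 4-byte size + 4-byte "alac" tag */
#define PADDING 8  /* stands in for FF_INPUT_BUFFER_PADDING_SIZE */

/* Models the unchecked sum when it ends up in a 32-bit size (assumption):
 * a large atom size wraps to a tiny allocation. */
static uint32_t alloc_size_unchecked(uint64_t atom_size)
{
    return (uint32_t)(atom_size + HEADER + PADDING);
}

/* Rejects any atom size whose padded total would not fit in an int.
 * Returns 0 and fills both outputs on success, -1 otherwise. */
static int alloc_size_checked(uint64_t atom_size, int *extradata_size,
                              size_t *alloc)
{
    if (atom_size > (uint64_t)INT_MAX - HEADER - PADDING)
        return -1;
    *extradata_size = (int)atom_size + HEADER;
    *alloc = (size_t)*extradata_size + PADDING;
    return 0;
}

int main(void)
{
    /* Constructed atom sizes: one ordinary, two oversized. */
    const uint64_t sizes[] = { 36, 0xFFFFFFF8ULL, (uint64_t)INT_MAX - 15 };
    for (size_t i = 0; i < sizeof sizes / sizeof sizes[0]; i++) {
        int es = 0;
        size_t al = 0;
        int rc = alloc_size_checked(sizes[i], &es, &al);
        printf("atom.size=%llu unchecked alloc=%u checked rc=%d alloc=%zu\n",
               (unsigned long long)sizes[i],
               (unsigned)alloc_size_unchecked(sizes[i]), rc, al);
    }
    return 0;
}
```

With the wrapped size, the buffer is a few bytes long while the subsequent read still uses the full atom.size, which is the heap overflow described in the review.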