[Ffmpeg-devel] Re: [PATCH] mov.c clean and enhancements
Michael Niedermayer
michaelni
Sun Feb 19 21:01:36 CET 2006
Hi
On Sat, Feb 18, 2006 at 01:19:31PM +0100, Baptiste COUDURIER wrote:
> Michael Niedermayer wrote:
> > Hi
> >
> > [...]
> >> +static int mov_read_alac(MOVContext *c, ByteIOContext *pb, MOV_atom_t atom)
> >> +{
> >> + AVStream *st = c->fc->streams[c->fc->nb_streams-1];
> >> +
> >> + // currently ALAC decoder expect full atom header - so let's fake it
> >> + // this should be fixed and just ALAC header should be passed
> >> +
> >> + av_free(st->codec->extradata);
> >> + st->codec->extradata_size = atom.size + 8;
> >> + st->codec->extradata = (uint8_t*) av_mallocz(st->codec->extradata_size + FF_INPUT_BUFFER_PADDING_SIZE);
> >> +
> >> + if (st->codec->extradata) {
> >> + strcpy(st->codec->extradata + 4, "alac"); // fake
> >> + get_buffer(pb, st->codec->extradata + 8, atom.size);
> >> + dprintf("Reading alac %Ld %s\n", atom.size, (char*)st->codec->extradata);
> >> + } else
> >> + url_fskip(pb, atom.size);
> >> + return 0;
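Review bot: The size assigned at `st->codec->extradata_size = atom.size + 8;` is never range-checked, yet the allocation is derived from it while `get_buffer()` is called with the original `atom.size`. Since `atom.size` is printed with `%Ld` it is a 64-bit value, so check it before the assignment: reject negative values and anything too large to fit once 8 and FF_INPUT_BUFFER_PADDING_SIZE are added, and return an error in that case. Two smaller points: `strcpy(... + 4, "alac")` writes five bytes, with the terminating NUL landing at offset 8, so a 4-byte memcpy would state the intent better. The dprintf `%s` starts at offset 0 of extradata, which av_mallocz left zeroed, so it prints an empty string.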
> >
> > Is there anything which prevents atom.size + 8 + FF_INPUT_BUFFER_PADDING_SIZE
> > from overflowing? If not, then extradata will be too small and you have a heap
> > overflow.
> >
> >
> > [...]
> >
>
> Ok, is it better this way ?
yes, applied
[...]
--
Michael
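
The overflow asked about in the review above, as an added example that is not part of the original message or of FFmpeg's code: it models how the unchecked sum can wrap to a tiny allocation and shows a check done before any addition. `wrapped_alloc_size`, `checked_extradata_size`, `HDR_SIZE`, `PADDING_SIZE` and the sample sizes are assumptions made for illustration.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>

#define HDR_SIZE     8  /* faked size + tag in front of the payload, as in the quoted hunk */
#define PADDING_SIZE 8  /* assumed stand-in for FF_INPUT_BUFFER_PADDING_SIZE */

/* Models the unchecked computation when the sum is reduced to 32 bits:
 * returns the number of bytes that would actually be allocated. */
static uint32_t wrapped_alloc_size(int64_t atom_size)
{
    return (uint32_t)((uint64_t)atom_size + HDR_SIZE + PADDING_SIZE);
}

/* Checked form: validate the atom size before any addition takes place.
 * Returns 0 and stores the extradata size, or -1 if the atom must be rejected. */
static int checked_extradata_size(int64_t atom_size, int *extradata_size)
{
    if (atom_size < 0 || atom_size > INT_MAX - HDR_SIZE - PADDING_SIZE)
        return -1;
    *extradata_size = (int)atom_size + HDR_SIZE;
    return 0;
}

int main(void)
{
    /* Constructed sample atom sizes: one plausible, three out of range. */
    const int64_t samples[] = { 36, 0xFFFFFFF8LL, -1, (int64_t)INT_MAX - 15 };

    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        int size = 0;
        int rc = checked_extradata_size(samples[i], &size);

        printf("atom.size=%lld unchecked alloc=%u bytes, checked: %s",
               (long long)samples[i], (unsigned)wrapped_alloc_size(samples[i]),
               rc == 0 ? "accepted" : "rejected");
        if (rc == 0)
            printf(" (extradata_size=%d)", size);
        printf("\n");
    }
    return 0;
}
```

For the second sample the unchecked sum wraps to 8 bytes while the read would still request the full atom size, which is the heap overflow described in the review.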