[FFmpeg-devel] [PATCH] Fix crash in cdxa_probe() when opening HTTP URL

Jon Foster jon
Wed Oct 31 23:21:22 CET 2007


This patch fixes a crash when calling av_open_input_file() with a http: URL.
This crash happens because buf is NULL and buf_size is 0, but cdxa_probe()
dereferences buf without checking.  The patch adds a check that buf_size
is big enough to contain the signature.

Index: libavformat/mpeg.c
===================================================================
--- libavformat/mpeg.c	(revision 10885)
+++ libavformat/mpeg.c	(working copy)
@@ -35,7 +35,8 @@
  static int cdxa_probe(AVProbeData *p)
  {
      /* check file header */
-    if (p->buf[0] == 'R' && p->buf[1] == 'I' &&
+    if (p->buf_size >= 8 &&
+        p->buf[0] == 'R' && p->buf[1] == 'I' &&
          p->buf[2] == 'F' && p->buf[3] == 'F' &&
          p->buf[8] == 'C' && p->buf[9] == 'D' &&
          p->buf[10] == 'X' && p->buf[11] == 'A')




More information about the ffmpeg-devel mailing list