[FFmpeg-devel] [PATCH] Fix crash in cdxa_probe() when opening HTTP URL
Jon Foster
jon
Wed Oct 31 23:21:22 CET 2007
This patch fixes a crash when calling av_open_input_file() with a http: URL.
This crash happens because buf is NULL and buf_size is 0, but cdxa_probe()
dereferences buf without checking. The patch adds a check that buf_size
is big enough to contain the signature.
Index: libavformat/mpeg.c
===================================================================
--- libavformat/mpeg.c (revision 10885)
+++ libavformat/mpeg.c (working copy)
@@ -35,7 +35,8 @@
static int cdxa_probe(AVProbeData *p)
{
/* check file header */
- if (p->buf[0] == 'R' && p->buf[1] == 'I' &&
+ if (p->buf_size >= 8 &&
+ p->buf[0] == 'R' && p->buf[1] == 'I' &&
p->buf[2] == 'F' && p->buf[3] == 'F' &&
p->buf[8] == 'C' && p->buf[9] == 'D' &&
p->buf[10] == 'X' && p->buf[11] == 'A')
More information about the ffmpeg-devel
mailing list