[FFmpeg-devel] [PATCH] fix mlp_parser crash if we lack first part of header

Reimar Döffinger Reimar.Doeffinger
Mon Jan 25 00:21:24 CET 2010


Hello,
we pass i - 7 (i.e. possibly - 7) to ff_combine_frame, which crashes
if we do not have enough data in the parser buffer (maybe that
function would better check for this?)
This fixes it:
Index: libavcodec/mlp_parser.c
===================================================================
--- libavcodec/mlp_parser.c	(revision 21431)
+++ libavcodec/mlp_parser.c	(working copy)
@@ -176,7 +176,9 @@
 
         for (i = 0; i < buf_size; i++) {
             mp->pc.state = (mp->pc.state << 8) | buf[i];
-            if ((mp->pc.state & 0xfffffffe) == 0xf8726fba) {
+            if ((mp->pc.state & 0xfffffffe) == 0xf8726fba &&
+                // ignore if we do not have the data for the start of header
+                mp->pc.index + i >= 7) {
                 mp->in_sync = 1;
                 mp->bytes_left = 0;
                 break;
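
Review bot: the added `mp->pc.index + i >= 7` test in the sync-word condition hard-codes 7, which has to stay in step with the `i - 7` offset that the message says is passed to ff_combine_frame; a named constant used at both sites would keep the two from drifting apart. When the test fails, the sync word is skipped silently and the loop carries on to the next match, so the comment should say that dropping this partial header is intended. The comment would also read better above the `if` than in the middle of the condition. As the message itself asks, a bounds check inside ff_combine_frame would protect the other callers too, so it is worth considering alongside this caller-side guard rather than instead of it.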


