[MPlayer-cvslog] r26644 - trunk/libmpdemux/demux_asf.c
eugeni
subversion at mplayerhq.hu
Fri May 2 15:33:14 CEST 2008
Author: eugeni
Date: Fri May 2 15:33:14 2008
New Revision: 26644
Log:
Check ASF packet size before calling demux_asf_read_packet. Fixes segfault
with damaged ASF files.
Modified:
trunk/libmpdemux/demux_asf.c
Modified: trunk/libmpdemux/demux_asf.c
==============================================================================
--- trunk/libmpdemux/demux_asf.c (original)
+++ trunk/libmpdemux/demux_asf.c Fri May 2 15:33:14 2008
@@ -3,6 +3,7 @@
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
+#include <assert.h>
#include "config.h"
#include "mp_msg.h"
@@ -501,6 +502,7 @@ static int demux_asf_fill_buffer(demuxer
p++;
//printf(" group part: %d bytes\n",len2);
if(len2 > len - 1) break; // Not enough data
+ assert(len2 > 0 && len2 <= asf->packetsize);
demux_asf_read_packet(demux,p,len2,streamno,seq,x,duration,-1,keyframe);
p+=len2;
len-=len2+1;
@@ -513,8 +515,10 @@ static int demux_asf_fill_buffer(demuxer
default:
// NO GROUPING:
//printf("fragment offset: %d \n",sh->x);
- if (!asf->asf_is_dvr_ms || asf->found_first_key_frame)
+ if (!asf->asf_is_dvr_ms || asf->found_first_key_frame) {
+ assert(len > 0 && len <= asf->packetsize);
demux_asf_read_packet(demux,p,len,streamno,seq,time2,duration,x,keyframe);
+ }
p+=len;
break;
}
More information about the MPlayer-cvslog
mailing list