[MPlayer-cvslog] r26644 - trunk/libmpdemux/demux_asf.c

Michael Niedermayer michaelni at gmx.at
Fri May 2 17:48:36 CEST 2008


On Fri, May 02, 2008 at 03:33:14PM +0200, eugeni wrote:
> Author: eugeni
> Date: Fri May  2 15:33:14 2008
> New Revision: 26644
> 
> Log:
> Check ASF packet size before calling demux_asf_read_packet. Fixes segfault
> with damaged ASF files.
[...]
> @@ -501,6 +502,7 @@ static int demux_asf_fill_buffer(demuxer
>  		  p++;
>                    //printf("  group part: %d bytes\n",len2);
>                    if(len2 > len - 1) break; // Not enough data
> +                  assert(len2 > 0 && len2 <= asf->packetsize);
>                    demux_asf_read_packet(demux,p,len2,streamno,seq,x,duration,-1,keyframe);
>                    p+=len2;
>  		  len-=len2+1;
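Review bot: The added `assert(len2 > 0 && len2 <= asf->packetsize);` in the grouping loop validates a length that was read from the file, and assert() is the wrong tool for that. With NDEBUG defined it compiles to nothing and the unchecked len2 still reaches demux_asf_read_packet(); without NDEBUG a damaged file aborts the whole player instead of being skipped. Treat it like the "Not enough data" test on the line above, e.g. `if (len2 <= 0 || len2 > asf->packetsize) break;`, so the bad group part is dropped in every build. The log message should also state whether the fault being fixed was a read or a write past the buffer, since that decides how urgent the fix is.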
> @@ -513,8 +515,10 @@ static int demux_asf_fill_buffer(demuxer
>                default:
>                  // NO GROUPING:
>                  //printf("fragment offset: %d  \n",sh->x);
> -                if (!asf->asf_is_dvr_ms || asf->found_first_key_frame)
> +                if (!asf->asf_is_dvr_ms || asf->found_first_key_frame) {
> +                    assert(len > 0 && len <= asf->packetsize);
>                      demux_asf_read_packet(demux,p,len,streamno,seq,time2,duration,x,keyframe);
> +                }
>                  p+=len;
>                  break;
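Review bot: In the NO GROUPING branch `p+=len;` stays outside the new braces, so the pointer advances by len whether or not len was checked, and when asf_is_dvr_ms is set and no key frame has been found yet the assert is not evaluated at all. As in the first hunk, assert() either disappears under NDEBUG or turns a damaged file into an abort. Suggest an explicit test placed above the `if`, e.g. `if (len <= 0 || len > asf->packetsize) break;`, so that both the demux_asf_read_packet() call and the `p+=len` step only ever see a validated length.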

How does adding assert() prevent a segfault?
And what kind of segfault is this? The writing data from the file outside
the buffer type, or is it just reading? Not that I think that it would take
more than a minute to find a way to make the code write out of the buffers.

[...]
-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

No great genius has ever existed without some touch of madness. -- Aristotle