[MPlayer-cvslog] r26644 - trunk/libmpdemux/demux_asf.c
Evgeniy Stepanov
eugeni.stepanov at gmail.com
Fri May 2 18:46:28 CEST 2008
On Friday 02 May 2008 19:48:36 Michael Niedermayer wrote:
> On Fri, May 02, 2008 at 03:33:14PM +0200, eugeni wrote:
> > Author: eugeni
> > Date: Fri May 2 15:33:14 2008
> > New Revision: 26644
> >
> > Log:
> > Check ASF packet size before calling demux_asf_read_packet. Fixes
> > segfault with damaged ASF files.
[...]
> How does adding assert() prevent a segfault?
Huh? By leaving the program immediately instead of segfaulting later.
> And what kind of segfault is this? The writing data from the file outside
> the buffer type or is it just reading? Not that I think that it would take
> more than a minute to find a way to make the code write out of the
> buffers.
>
> [...]
Damaged files produce random packet lengths, sometimes negative. This results
in writing outside of the demux_packet's buffer. With assert it is at least
not exploitable.
Taking a closer look, ASF seems to have fixed size pages, and the demuxer should
just skip to the next one in this case? Perhaps I was too hasty to commit.
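
The check-then-skip handling raised in the message above, as an added example that is not MPlayer's demux_asf.c code. It assumes a constructed fixed-size packet layout (a 4-byte little-endian length followed by the payload), not the real ASF format; `PACKET_SIZE`, `PAYLOAD_MAX`, `read_payload` and `demux_stream` are hypothetical names. The length is tested with an ordinary `if` because `assert()` is compiled out when `NDEBUG` is defined.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed layout, not real ASF: fixed 16-byte packets, 4-byte LE length then payload. */
#define PACKET_SIZE 16u
#define PAYLOAD_MAX 8u

/* Constructed sample: good (3 bytes), "negative" length, oversized (200), good (8 bytes). */
static const uint8_t sample_stream[4 * PACKET_SIZE] = {
    [0]  = 3, [4] = 'a', 'b', 'c',
    [16] = 0xF0, 0xFF, 0xFF, 0xFF,
    [32] = 200,
    [48] = 8, [52] = 1, 2, 3, 4, 5, 6, 7, 8,
};

/* Copy one packet's payload into out; return its length, or -1 if the length field is invalid. */
static int read_payload(const uint8_t *pkt, uint8_t *out, size_t cap)
{
    /* Read as unsigned: a "negative" length is just a huge value and fails the same bound check. */
    uint32_t len = (uint32_t)pkt[0] | (uint32_t)pkt[1] << 8 |
                   (uint32_t)pkt[2] << 16 | (uint32_t)pkt[3] << 24;
    if (len > PACKET_SIZE - 4u || len > cap)
        return -1;
    memcpy(out, pkt + 4, len);
    return (int)len;
}

/* Walk the stream packet by packet; a damaged packet is skipped, not fatal. */
static int demux_stream(const uint8_t *data, size_t size, int *skipped)
{
    uint8_t buf[PAYLOAD_MAX];
    int good = 0;
    *skipped = 0;
    for (size_t off = 0; off + PACKET_SIZE <= size; off += PACKET_SIZE) {
        if (read_payload(data + off, buf, sizeof buf) < 0)
            (*skipped)++;
        else
            good++;
    }
    return good;
}

int main(void)
{
    int skipped, good = demux_stream(sample_stream, sizeof sample_stream, &skipped);
    printf("good=%d skipped=%d\n", good, skipped);
    return 0;
}
```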