[MPlayer-cvslog] r37583 - trunk/libmpcodecs/ad_hwac3.c
rtogni
subversion at mplayerhq.hu
Mon Jan 4 17:16:09 CET 2016
Author: rtogni
Date: Mon Jan 4 17:16:08 2016
New Revision: 37583
Log:
ad_hwac3: Fix access to NULL demuxer buffer by demux_getc()
Fixes a crash with a fuzzed file reported by Gustavo Grieco:
SIGSEGV.PC.5555557239a3.STACK.196eb6119e.CODE.1.ADDR.\(nil\).INSTR.movzbl_\(%rcx\,%rdx\,1\)\,%ecx.fuzz
Modified:
trunk/libmpcodecs/ad_hwac3.c
Modified: trunk/libmpcodecs/ad_hwac3.c
==============================================================================
--- trunk/libmpcodecs/ad_hwac3.c Fri Jan 1 16:15:43 2016 (r37582)
+++ trunk/libmpcodecs/ad_hwac3.c Mon Jan 4 17:16:08 2016 (r37583)
@@ -168,6 +168,11 @@ static int preinit(sh_audio_t *sh)
static int init(sh_audio_t *sh_audio)
{
+ demux_stream_t *ds = sh_audio->ds;
+
+ /* Ensure that the demuxer buffer is not empty */
+ if(ds->buffer_pos >= ds->buffer_size && !ds_fill_buffer(ds))
+ return 0;
/* Dolby AC3 passthrough:*/
if(ac3dts_fillbuff(sh_audio) < 0)
{
More information about the MPlayer-cvslog
mailing list