[MPlayer-cvslog] r37587 - trunk/libmpdemux/demux_gif.c
rtogni
subversion at mplayerhq.hu
Mon Jan 4 21:16:54 CET 2016
Author: rtogni
Date: Mon Jan 4 21:16:53 2016
New Revision: 37587
Log:
demux_gif: do not crash on broken graphic extension block.
Fixes a crash with a fuzzed file reported by Gustavo Grieco:
SIGSEGV.PC.5555557f806b.STACK.f840a42d3.CODE.1.ADDR.\(nil\).INSTR.cmpb___\$0x4,\(%rax\).fuzz
Modified:
trunk/libmpdemux/demux_gif.c
Modified: trunk/libmpdemux/demux_gif.c
==============================================================================
--- trunk/libmpdemux/demux_gif.c Mon Jan 4 19:52:20 2016 (r37586)
+++ trunk/libmpdemux/demux_gif.c Mon Jan 4 21:16:53 2016 (r37587)
@@ -146,7 +146,7 @@ static int demux_gif_fill_buffer(demuxer
}
if (code == 0xF9) {
int frametime = 0;
- if (p[0] == 4) // is the length correct?
+ if (p && p[0] == 4) // is the length correct?
{
transparency = p[1] & 1;
refmode = (p[1] >> 2) & 3;
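Review bot: The new condition `if (p && p[0] == 4)` now covers two different failures, a missing extension buffer and a wrong length byte, but the trailing comment still says only "is the length correct?". Please update the comment to mention the NULL case. When the test fails the whole block is skipped without any message, so `transparency` and `refmode` are not assigned here and `frametime` stays 0. It is worth confirming that those values have sane defaults on this path, and a warning for a malformed graphic extension block would make such files easier to diagnose. Since `p` is evidently NULL on this input, any other dereference of `p` in this function deserves the same guard.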