[MPlayer-dev-eng] [PATCH] do not overread while copying in vd_ffmpeg
Reimar Döffinger
Reimar.Doeffinger at stud.uni-karlsruhe.de
Mon Feb 5 16:49:51 CET 2007
Hello,
Some old patch I had lying around, don't remember which file it fixed
(some real video one obviously though).
Comments?
Greetings,
Reimar Döffinger
-------------- next part --------------
Index: libmpcodecs/vd_ffmpeg.c
===================================================================
--- libmpcodecs/vd_ffmpeg.c (revision 22133)
+++ libmpcodecs/vd_ffmpeg.c (working copy)
@@ -764,6 +771,8 @@
if(sh->bih->biSize>=sizeof(*sh->bih)+8){
int i;
dp_hdr_t *hdr= (dp_hdr_t*)data;
+ uint32_t *offsets = (uint32_t*)(data + hdr->chunktab) + 1;
+ char *end = data + len;
if(avctx->slice_offset==NULL)
avctx->slice_offset= av_malloc(sizeof(int)*1000);
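Review bot: hdr->chunktab comes straight from the packet and is used unvalidated in the added `offsets = (uint32_t*)(data + hdr->chunktab) + 1;` line, so a chunktab larger than len already places offsets past `end` before any bounds test runs. Forming a pointer that far outside the buffer is undefined and can wrap, in which case a later pointer comparison against `end` may pass. Suggest checking that len covers sizeof(dp_hdr_t) and that hdr->chunktab plus 4 bytes fits within len before computing offsets, and bailing out of the block otherwise; doing the bounds arithmetic on integer offsets instead of pointers avoids the wrap problem entirely.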
@@ -771,8 +780,8 @@
// for(i=0; i<25; i++) printf("%02X ", ((uint8_t*)data)[i]);
avctx->slice_count= hdr->chunks+1;
- for(i=0; i<avctx->slice_count; i++)
- avctx->slice_offset[i]= ((uint32_t*)(data+hdr->chunktab))[2*i+1];
+ for(i=0; i<avctx->slice_count && end >= &offsets[2*i+1]; i++)
+ avctx->slice_offset[i]= offsets[2*i];
len=hdr->len;
data+= sizeof(dp_hdr_t);
}
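Review bot: the new loop condition `end >= &offsets[2*i+1]` bounds the reads from the chunk table but not the writes into avctx->slice_offset, which the context of the previous hunk shows is allocated for 1000 ints while slice_count is hdr->chunks+1 taken from the stream; the loop also needs an `i < 1000` limit (ideally a named constant shared with the av_malloc call). Second, when the loop stops early on the `end` test, avctx->slice_count is left at hdr->chunks+1, so the decoder is handed slice_offset entries that were never written (av_malloc does not zero them); set `avctx->slice_count = i;` after the loop, or reject the packet. Minor: `end` is a char* compared against a uint32_t*, which needs a cast to compile without a warning.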