[MPlayer-dev-eng] [PATCH] unchecked result of ICDecompressGetFormatSize leads to crash
Reimar Döffinger
Reimar.Doeffinger at stud.uni-karlsruhe.de
Sun Oct 21 15:20:02 CEST 2007
Hello,
On Wed, Oct 17, 2007 at 07:03:18AM +0200, Gianluigi Tiesi wrote:
> Currently the vfw code calls ICDecompressGetFormatSize
> (a macro to SendMessage)
> it should return the size of the struct, but
> while using vp6vfw.dll and/or maybe other dlls,
> the returned value is -2
>
> then mplayer does malloc(-2)
> and memset(,,-2)
> then crashes
>
> I've not added free(priv) since also the other check does not
> free it
Applied with a small modification. If the return value is <
sizeof(BITMAPINFOHEADER) MPlayer might still crash, so I changed it to
check against that. If it causes problems we can still think of a better
fix later.
Greetings,
Reimar Döffinger
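
Added example, not part of the original thread and not MPlayer's code: a C sketch of the check described in the reply, rejecting any reported format size below the fixed header size before it reaches malloc() and memset(). The struct `bih_t` (a stand-in for BITMAPINFOHEADER so the code builds without windows.h) and both function names are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Stand-in for the Win32 BITMAPINFOHEADER (40 bytes), declared here so the
 * example builds without windows.h. */
typedef struct {
    uint32_t biSize;
    int32_t  biWidth;
    int32_t  biHeight;
    uint16_t biPlanes;
    uint16_t biBitCount;
    uint32_t biCompression;
    uint32_t biSizeImage;
    int32_t  biXPelsPerMeter;
    int32_t  biYPelsPerMeter;
    uint32_t biClrUsed;
    uint32_t biClrImportant;
} bih_t;

/* What an unchecked caller hands to malloc()/memset(): the signed result
 * converted to size_t. For -2 this is SIZE_MAX - 1. */
size_t size_seen_by_malloc(long reported)
{
    return (size_t)reported;
}

/* Hypothetical helper: allocate the output-format buffer only if the size
 * reported by the codec can hold at least the fixed header. Negative values
 * such as the -2 from the report fail the same comparison.
 * Returns NULL on rejection or allocation failure; the caller frees. */
bih_t *alloc_output_format(long reported, size_t *out_size)
{
    bih_t *fmt;

    if (reported < (long)sizeof(bih_t))
        return NULL;                 /* negative or shorter than the header */

    fmt = malloc((size_t)reported);
    if (!fmt)
        return NULL;
    memset(fmt, 0, (size_t)reported);
    fmt->biSize = (uint32_t)sizeof(bih_t);
    if (out_size)
        *out_size = (size_t)reported;
    return fmt;
}
```

The comparison is done on the signed value before any conversion to size_t, so a single test covers both negative results and sizes too short to hold the header.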