[MPlayer-dev-eng] [patch] backports/fixes from uoti demux_mkv.c for comp_algo==3
Reimar Döffinger
Reimar.Doeffinger at gmx.de
Thu Aug 12 21:47:59 CEST 2010
On Thu, Aug 12, 2010 at 10:36:46PM +0400, Yuriy Kaminskiy wrote:
> Reimar Döffinger wrote:
> > On Thu, Aug 12, 2010 at 09:33:40PM +0400, Yuriy Kaminskiy wrote:
> >> + } else if (track->encodings[i].comp_algo == 3) {
> >> + modified = 1;
> >> + *dest = malloc(*size + track->encodings[i].comp_settings_len);
> >
> > Integer overflow?
> No different from zlib code just above? (and a lot code nearby)
That, unfortunately, is more an argument for disabling
the native demuxer than for the patch...
> + if (*size >= SIZE_MAX - enc->comp_settings_len) {
Due to other mess, comp_settings_len can be < 0, so I fear this
check can not 100% work.
Of course the real fault is insufficient checking when
comp_settings_len is set...
More information about the MPlayer-dev-eng
mailing list