[MPlayer-dev-eng] [PATCH] Fix crashes in CreatePalette
Steinar H. Gunderson
sgunderson at bigfoot.com
Mon Mar 1 15:11:46 CET 2010
Hi,
CreatePalette had problems for me, and looking at the code it was quite
obvious why; someone had reversed the order of the two elements of the
LOGPALETTE struct, causing it to allocate and copy a bogus amount of memory.
Why on earth anybody would want to do that is beyond me; whoever did it even
left a comment, but it wasn't very helpful, as it crashed nevertheless. :-)
--- orig/mplayer-export-2010-02-28/loader/win32.c 2010-02-26 16:01:37.000000000 +0100
+++ mplayer-export-2010-02-28/loader/win32.c 2010-03-01 15:09:28.573821000 +0100
@@ -4701,10 +4863,9 @@
BYTE peFlags;
} PALETTEENTRY;
-/* reversed the first 2 entries */
typedef struct tagLOGPALETTE {
- WORD palNumEntries;
WORD palVersion;
+ WORD palNumEntries;
PALETTEENTRY palPalEntry[1];
} LOGPALETTE;
--
Homepage: http://www.sesse.net/
More information about the MPlayer-dev-eng
mailing list