[MPlayer-dev-eng] [PATCH] crash in mp_dvdnav_save_smpi

Reimar Döffinger Reimar.Doeffinger at gmx.de
Sun Jun 12 11:23:24 CEST 2011


On Thu, Jun 09, 2011 at 03:16:21AM +0200, Gianluigi Tiesi wrote:
> I'm not sure what's changed lately, but when using dvdnav://,
> seeking causes mplayer to crash

I can't reproduce, can you give any details?

> in update_video() there are multiple checks for in_size > 0,
> so the only function that can put in_size back to -1 is mp_dvdnav_restore_smpi
> 
> the problem is that when seeking, mp_dvdnav_save_smpi()
> gets called with -1 as size, so it mallocs -1 and memcpys -1 (wraps to maxuint)

On a 32-bit system such a malloc should fail, thus skipping
the memcpy. Is this on a 64-bit system?
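
The size problem discussed in this thread, as an added example that is not part of the original messages and is not MPlayer's code: a save routine that rejects a negative or zero length before the value is converted to size_t for malloc() and memcpy(). The names saved_pkt, save_pkt and as_alloc_size are hypothetical, and the packet bytes are constructed sample data.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for the saved-packet state; not MPlayer's struct. */
struct saved_pkt {
    unsigned char *buf;
    int size;                 /* -1 means "nothing saved" */
};

/* What an int length becomes once it is passed to malloc()/memcpy(). */
size_t as_alloc_size(int in_size)
{
    return (size_t)in_size;   /* -1 converts to SIZE_MAX */
}

/* Save a copy of buf. Returns 0 on success, -1 if nothing was saved. */
int save_pkt(struct saved_pkt *s, const unsigned char *buf, int in_size)
{
    /* Drop any previous copy so the state is consistent on every exit path. */
    free(s->buf);
    s->buf = NULL;
    s->size = -1;

    /* Reject the "no data" sentinel and empty input while still signed. */
    if (buf == NULL || in_size <= 0)
        return -1;

    s->buf = malloc((size_t)in_size);
    if (s->buf == NULL)       /* allocation failed: nothing saved */
        return -1;

    memcpy(s->buf, buf, (size_t)in_size);
    s->size = in_size;
    return 0;
}

int main(void)
{
    struct saved_pkt s = { NULL, -1 };
    const unsigned char data[] = { 0x00, 0x00, 0x01, 0xba };  /* constructed sample */
    int rc_bad = save_pkt(&s, data, -1);                /* rejected, no allocation */
    int rc_ok  = save_pkt(&s, data, (int)sizeof data);  /* copied */
    free(s.buf);
    return (rc_bad == -1 && rc_ok == 0) ? 0 : 1;
}
```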

