[MPlayer-dev-eng] [PATCH] crash in mp_dvdnav_save_smpi

Gianluigi Tiesi mplayer at netfarm.it
Mon Jun 13 04:44:15 CEST 2011


On Mon, Jun 13, 2011 at 04:41:02AM +0200, Gianluigi Tiesi wrote:
> On Sun, Jun 12, 2011 at 11:23:24AM +0200, Reimar Döffinger wrote:
> > On Thu, Jun 09, 2011 at 03:16:21AM +0200, Gianluigi Tiesi wrote:
> > > I'm not sure what has changed recently, but when using dvdnav://
> > > seeking causes mplayer to crash
> > 
> > I can't reproduce, can you give any details?
> 
> - insert a dvd
> - mplayer dvdnav://
> - wait for the menu to show up
> - left arrow to seek
> 
> > 
> > > in update_video() there are multiple checks for in_size > 0
> > > so the only function that can put in_size back to -1 is mp_dvdnav_restore_smpi
> > > 
> > > the problem is that when seeking mp_dvdnav_save_smpi()
> > > gets called with -1 as size, so it mallocs -1 and memcpys -1 (wrapped to maxuint)
> > 
> > On a 32 bit system such a malloc should fail, thus skipping
> > the memcpy. Is this on a 64 bit system?
> 
> Yes, I have xp64 but many users reported me the problem
> 
> I wrap malloc(size) so the final code is:
> 
> p0 = HeapAlloc (GetProcessHeap(), 0, size + (16 + sizeof (void *)));
> 

lol -1 + (16 + 4) = 19

Maybe I need some checks according to MSDN

Regards


-- 
Gianluigi Tiesi <sherpya at netfarm.it>
EDP Project Leader
Netfarm S.r.l. - http://www.netfarm.it/
Free Software: http://oss.netfarm.it/
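The arithmetic discussed in the thread, as an added example that is not code from MPlayer or from the thread's authors: a size of -1 converted to size_t becomes SIZE_MAX, and adding the wrapper's 16 + sizeof(void *) header wraps it around to a tiny allocation (19 bytes with 4-byte pointers, 23 with 8-byte pointers) while the subsequent memcpy still uses the huge length. The example uses plain malloc instead of HeapAlloc so it runs anywhere; `WRAP_OVERHEAD`, `unchecked_alloc_size`, `checked_alloc_size` and `save_copy` are hypothetical names standing in for the wrapper and for the copy done in mp_dvdnav_save_smpi, and the sample buffer is constructed here.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Mirrors the header overhead quoted in the thread: 16 + sizeof(void *).
   Hypothetical constant for this example. */
#define WRAP_OVERHEAD (16 + sizeof(void *))

/* The arithmetic the quoted wrapper performs before calling the allocator.
   Returned instead of allocated so the wraparound can be inspected: for
   (size_t)-1 this yields WRAP_OVERHEAD - 1, not a failure. */
size_t unchecked_alloc_size(size_t size) {
    return size + WRAP_OVERHEAD;
}

/* Hardened variant: refuse any size for which size + WRAP_OVERHEAD would
   wrap. Returns 1 and stores the total on success, 0 otherwise. */
int checked_alloc_size(size_t size, size_t *out) {
    if (size > SIZE_MAX - WRAP_OVERHEAD)
        return 0;
    *out = size + WRAP_OVERHEAD;
    return 1;
}

/* Hypothetical stand-in for the save path: copy in_size bytes of src into a
   fresh buffer. The sign check is the one the thread says is missing; without
   it, (size_t)-1 reaches the allocator and the memcpy length is SIZE_MAX. */
unsigned char *save_copy(const unsigned char *src, int in_size) {
    size_t total;
    unsigned char *p;

    if (in_size <= 0)                               /* reject -1 and 0 up front */
        return NULL;
    if (!checked_alloc_size((size_t)in_size, &total))
        return NULL;
    p = malloc(total);
    if (!p)
        return NULL;
    memcpy(p, src, (size_t)in_size);
    return p;
}

int main(void) {
    /* Constructed sample input for the demonstration. */
    const unsigned char sample[4] = {0x01, 0x02, 0x03, 0x04};
    size_t total;
    unsigned char *copy;

    printf("unchecked size for -1: %zu bytes (sizeof(void *) = %zu)\n",
           unchecked_alloc_size((size_t)-1), sizeof(void *));
    printf("checked size for -1 accepted: %d\n",
           checked_alloc_size((size_t)-1, &total));

    copy = save_copy(sample, -1);
    printf("save_copy(-1) returned %s\n", copy ? "a buffer" : "NULL");

    copy = save_copy(sample, sizeof sample);
    printf("save_copy(4) copied %d\n",
           copy && memcmp(copy, sample, sizeof sample) == 0);
    free(copy);
    return 0;
}
```

The check `size > SIZE_MAX - WRAP_OVERHEAD` is computed entirely in unsigned arithmetic and cannot itself overflow, which is why it is written that way rather than as a test on the sum.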

