[MPlayer-dev-eng] [PATCH] crash in mp_dvdnav_save_smpi

Gianluigi Tiesi mplayer at netfarm.it
Thu Jun 9 03:16:21 CEST 2011


Hi,
I'm not sure what has changed lately, but when using dvdnav://,
seeking causes mplayer to crash.

In update_video() there are multiple checks for in_size > 0,
so the only function that can put in_size back to -1 is mp_dvdnav_restore_smpi.

The problem is that when seeking, mp_dvdnav_save_smpi()
gets called with -1 as size, so it mallocs -1 and memcpys -1 (wraps to maxuint).

The attached patch makes a check before calling mp_dvdnav_save_smpi(),
but the check could also be made elsewhere.

Regards


-- 
Gianluigi Tiesi <sherpya at netfarm.it>
EDP Project Leader
Netfarm S.r.l. - http://www.netfarm.it/
Free Software: http://oss.netfarm.it/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: xx_dvdnav_save_smpi.diff
Type: text/x-diff
Size: 540 bytes
Desc: not available
URL: <http://lists.mplayerhq.hu/pipermail/mplayer-dev-eng/attachments/20110609/e71b1fa5/attachment.bin>
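
The failure mode described in the message, as an added example (not the attached patch, which is not reproduced on this page, and not MPlayer code): a signed size of -1 converts to SIZE_MAX when passed to malloc() and memcpy(), so the save routine rejects non-positive sizes itself. The names saved_pkt, size_as_size_t, save_pkt and demo are hypothetical, and the sample bytes are constructed.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for the saved-packet state; not MPlayer's structure. */
struct saved_pkt {
    unsigned char *buf;
    int len;
};

/* The size malloc()/memcpy() actually receive for a signed int argument. */
size_t size_as_size_t(int in_size)
{
    return (size_t)in_size;            /* -1 converts to SIZE_MAX */
}

/* Guarded save: 0 on success, -1 on bad size or failed allocation (old data kept). */
int save_pkt(struct saved_pkt *dst, const unsigned char *start, int in_size)
{
    unsigned char *copy;

    if (!dst || !start || in_size <= 0)
        return -1;
    copy = malloc((size_t)in_size);
    if (!copy)
        return -1;
    memcpy(copy, start, (size_t)in_size);
    free(dst->buf);
    dst->buf = copy;
    dst->len = in_size;
    return 0;
}

/* Constructed check: save 4 bytes, replay the in_size == -1 call; 1 if data survived. */
int demo(void)
{
    static const unsigned char data[4] = { 0x00, 0x00, 0x01, 0xba };
    struct saved_pkt s = { NULL, 0 };
    int ok = save_pkt(&s, data, 4) == 0
          && save_pkt(&s, data, -1) == -1
          && s.len == 4 && memcmp(s.buf, data, 4) == 0;
    free(s.buf);
    return ok;
}

int main(void)
{
    return demo() ? 0 : 1;
}
```

Placing the guard in the callee covers every call site, including ones reached after in_size has been reset to -1.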

