Mercurial > libavcodec.hg
comparison mlp_parser.c @ 11029:dfa02260a864 libavcodec
Fix possible crashes in mlp parser, it tries to go back 7 bytes after
finding the 4-byte signature.
Add a check that ignores the signature if we do not have enough previous
data to go back at least 7 bytes.
| author | reimar |
|---|---|
| date | Wed, 27 Jan 2010 20:04:19 +0000 |
| parents | 0dce4fe6e6f3 |
| children | 7de903afbd92 |
comparison
equal
deleted
inserted
replaced
| 11028:919fb8b71591 | 11029:dfa02260a864 |
|---|---|
| 174 if (!mp->in_sync) { | 174 if (!mp->in_sync) { |
| 175 // Not in sync - find a major sync header | 175 // Not in sync - find a major sync header |
| 176 | 176 |
| 177 for (i = 0; i < buf_size; i++) { | 177 for (i = 0; i < buf_size; i++) { |
| 178 mp->pc.state = (mp->pc.state << 8) | buf[i]; | 178 mp->pc.state = (mp->pc.state << 8) | buf[i]; |
| 179 if ((mp->pc.state & 0xfffffffe) == 0xf8726fba) { | 179 if ((mp->pc.state & 0xfffffffe) == 0xf8726fba && |
| 180 // ignore if we do not have the data for the start of header | |
| 181 mp->pc.index + i >= 7) { | |
| 180 mp->in_sync = 1; | 182 mp->in_sync = 1; |
| 181 mp->bytes_left = 0; | 183 mp->bytes_left = 0; |
| 182 break; | 184 break; |
| 183 } | 185 } |
| 184 } | 186 } |