# HG changeset patch
# User iive
# Date 1143759978 0
# Node ID a2683ee7cb5a2e5a3324cce3282b7ae72085d416
# Parent  3b4e03cb518d4aaadbd6e736e0993fbfd69e0bdd
fix descrambling of asf file,
where signed buffer could cause erroneous values to be filled in descrable variables,
add misssing check for one of these variables
and restore sign of these variables as insurance that these checks will work even in such case.

diff -r 3b4e03cb518d -r a2683ee7cb5a libmpdemux/asf.h
--- a/libmpdemux/asf.h	Thu Mar 30 22:28:32 2006 +0000
+++ b/libmpdemux/asf.h	Thu Mar 30 23:06:18 2006 +0000
@@ -216,9 +216,9 @@
 struct asf_priv {
     ASF_header_t header;
     unsigned char* packet;
-    unsigned scrambling_h;
-    unsigned scrambling_w;
-    unsigned scrambling_b;
+    int scrambling_h;
+    int scrambling_w;
+    int scrambling_b;
     unsigned packetsize;
     double   packetrate;
     unsigned movielength;
diff -r 3b4e03cb518d -r a2683ee7cb5a libmpdemux/asfheader.c
--- a/libmpdemux/asfheader.c	Thu Mar 30 22:28:32 2006 +0000
+++ b/libmpdemux/asfheader.c	Thu Mar 30 23:06:18 2006 +0000
@@ -184,7 +184,7 @@
   while ((pos = find_asf_guid(hdr, asf_stream_header_guid, pos, hdr_len)) >= 0)
   {
     ASF_stream_header_t *streamh = (ASF_stream_header_t *)&hdr[pos];
-    char *buffer;
+    uint8_t *buffer;
     pos += sizeof(ASF_stream_header_t);
     if (pos > hdr_len) goto len_err_out;
     le2me_ASF_stream_header_t(streamh);
@@ -217,7 +217,9 @@
           asf->scrambling_h=buffer[0];
           asf->scrambling_w=(buffer[2]<<8)|buffer[1];
           asf->scrambling_b=(buffer[4]<<8)|buffer[3];
-  	  asf->scrambling_w/=asf->scrambling_b;
+          if(asf->scrambling_b>0){
+            asf->scrambling_w/=asf->scrambling_b;
+          }
 	} else {
 	  asf->scrambling_b=asf->scrambling_h=asf->scrambling_w=1;
 	}
diff -r 3b4e03cb518d -r a2683ee7cb5a libmpdemux/demux_asf.c
--- a/libmpdemux/demux_asf.c	Thu Mar 30 22:28:32 2006 +0000
+++ b/libmpdemux/demux_asf.c	Thu Mar 30 23:06:18 2006 +0000
@@ -100,7 +100,7 @@
       if(ds->asf_seq!=seq){
         // closed segment, finalize packet:
 		if(ds==demux->audio)
-		  if(asf->scrambling_h>1 && asf->scrambling_w>1)
+		  if(asf->scrambling_h>1 && asf->scrambling_w>1 && asf->scrambling_b>0)
 		    asf_descrambling(&ds->asf_packet->buffer,ds->asf_packet->len,asf);
         ds_add_packet(ds,ds->asf_packet);
         ds->asf_packet=NULL;