# HG changeset patch
# User reimar
# Date 1169403727 0
# Node ID ddcdba92023cdc8421bbe039c3cdf6905158dc92
# Parent d9494ca70ca721ee598180a0b1927e7cc81363f7
Sanity-check sh_video->bih->biSize
diff -r d9494ca70ca7 -r ddcdba92023c libmpdemux/asfheader.c
--- a/libmpdemux/asfheader.c Sun Jan 21 15:44:58 2007 +0000
+++ b/libmpdemux/asfheader.c Sun Jan 21 18:22:07 2007 +0000
@@ -420,6 +420,8 @@
 sh_video->bih=calloc((lenbih,&buffer[4+4+1+2],len);
 le2me_BITMAPINFOHEADER(sh_video->bih);
+ if (sh_video->bih->biSize > len && sh_video->bih->biSize > sizeof(BITMAPINFOHEADER))
+ sh_video->bih->biSize = len;
 if (sh_video->bih->biCompression == mmioFOURCC('D', 'V', 'R', ' ')) {
 //mp_msg(MSGT_DEMUXER, MSGL_WARN, MSGTR_MPDEMUX_ASFHDR_DVRWantsLibavformat);
 //sh_video->fps=(float)sh_video->video.dwRate/(float)sh_video->video.dwScale;
diff -r d9494ca70ca7 -r ddcdba92023c libmpdemux/aviheader.c
--- a/libmpdemux/aviheader.c Sun Jan 21 15:44:58 2007 +0000
+++ b/libmpdemux/aviheader.c Sun Jan 21 18:22:07 2007 +0000
@@ -262,6 +262,8 @@
 mp_msg(MSGT_HEADER,MSGL_V,MSGTR_MPDEMUX_AVIHDR_FoundBitmapInfoHeader,chunksize,sizeof(BITMAPINFOHEADER));
 stream_read(demuxer->stream,(char*) sh_video->bih,chunksize);
 le2me_BITMAPINFOHEADER(sh_video->bih); // swap to machine endian
+ if (sh_video->bih->biSize > chunksize && sh_video->bih->biSize > sizeof(BITMAPINFOHEADER))
+ sh_video->bih->biSize = chunksize;
 // fixup MS-RLE header (seems to be broken for <256 color files)
 if(sh_video->bih->biCompression<=1 && sh_video->bih->biSize==40)
 sh_video->bih->biSize=chunksize;
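Review bot: The added clamp in asfheader.c bounds `biSize` only from above, and when it fires with `len` smaller than `sizeof(BITMAPINFOHEADER)` it leaves `biSize` below the header size; a file-supplied `biSize` that is already smaller than the header is not touched at all. Any consumer that derives an extradata length as `biSize - sizeof(BITMAPINFOHEADER)` would then wrap or go negative; those consumers are outside this diff, so this needs checking against them. Consider a floor after the clamp, `if (sh_video->bih->biSize < sizeof(BITMAPINFOHEADER)) sh_video->bih->biSize = sizeof(BITMAPINFOHEADER);`, provided the buffer is always at least that large (the allocation line above the check is truncated on this page, so that could not be confirmed here). The aviheader.c hunk has the same gap with `chunksize`, and both checks would benefit from a one-line comment such as `// biSize comes from the file; keep it within the bytes actually read`.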