Mercurial > mplayer.hg

changeset 26612:87d096a58965

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Check ASF packet size before calling demux_asf_read_packet. Fixes segfault with damaged ASF files.
author eugeni
date Fri, 02 May 2008 13:33:14 +0000
parents 25d9f749e58c
children 92939846ff49
files libmpdemux/demux_asf.c
diffstat 1 files changed, 5 insertions(+), 1 deletions(-) [+]
line wrap: on
line diff
--- a/libmpdemux/demux_asf.c	Thu May 01 17:51:04 2008 +0000
+++ b/libmpdemux/demux_asf.c	Fri May 02 13:33:14 2008 +0000
@@ -3,6 +3,7 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <unistd.h>
+#include <assert.h>
 
 #include "config.h"
 #include "mp_msg.h"
@@ -501,6 +502,7 @@
 		  p++;
                   //printf("  group part: %d bytes\n",len2);
                   if(len2 > len - 1) break; // Not enough data
+                  assert(len2 > 0 && len2 <= asf->packetsize);
                   demux_asf_read_packet(demux,p,len2,streamno,seq,x,duration,-1,keyframe);
                   p+=len2;
 		  len-=len2+1;
@@ -513,8 +515,10 @@
               default:
                 // NO GROUPING:
                 //printf("fragment offset: %d  \n",sh->x);
-                if (!asf->asf_is_dvr_ms || asf->found_first_key_frame)
+                if (!asf->asf_is_dvr_ms || asf->found_first_key_frame) {
+                    assert(len > 0 && len <= asf->packetsize);
                     demux_asf_read_packet(demux,p,len,streamno,seq,time2,duration,x,keyframe);
+                }
                 p+=len;
                 break;
 	      }