Mercurial > mplayer.hg

changeset 33511:d30b183c3fdc

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Make mp_dvdnav_save_smpi more robust and ensure consistency of nav buffer. It seems that in_size could be negative sometimes, this would cause crashes if the malloc somehow succeeded.
author reimar
date Sun, 12 Jun 2011 09:57:07 +0000
parents 36c1cffd17e5
children 2d1fa588834a
files mplayer.c
diffstat 1 files changed, 8 insertions(+), 3 deletions(-) [+]
line wrap: on
line diff
--- a/mplayer.c	Sun Jun 12 09:17:05 2011 +0000
+++ b/mplayer.c	Sun Jun 12 09:57:07 2011 +0000
@@ -2080,12 +2080,17 @@
         return;
 
     free(mpctx->nav_buffer);
-
+    mpctx->nav_buffer  = NULL;
+    mpctx->nav_start   = NULL;
+    mpctx->nav_in_size = -1;
+
+    if (in_size > 0)
     mpctx->nav_buffer  = malloc(in_size);
+    if (mpctx->nav_buffer) {
     mpctx->nav_start   = start;
-    mpctx->nav_in_size = mpctx->nav_buffer ? in_size : -1;
-    if (mpctx->nav_buffer)
+        mpctx->nav_in_size = in_size;
         memcpy(mpctx->nav_buffer, start, in_size);
+    }
 
     if (decoded_frame && mpctx->nav_smpi != decoded_frame)
         mpctx->nav_smpi = mp_dvdnav_copy_mpi(mpctx->nav_smpi, decoded_frame);