Unfortunately this commit still doesn't fix the memory error I reported
earlier where in 64bit binary it spontaneously use upto 4GB ram.
Although unreproducible in the 32-bits binary, in 32bits it will just
call error dialog ask user if it should be repaired. As the AVI module
is quite old by now and ur the author but unmaintained even at the
32bit binary error dialog should not have been called on a valid avi
file even if user stress tests through the playlist items.<br>
Seems to be a race condition issue here as the avi item was trying to
load another thread was not blocked which is leading to a catastrophic
events on the 64bits binary.<br>
This seems all ok if playlist full of avi items aren't getting stress
tested with "N". Nevertheless bug is still here it has been there for
long time and nobody could bothered to get it fixed.<br>
<br>
thasnk<br>
<br><br><div class="gmail_quote">On Wed, Sep 16, 2009 at 5:20 AM, git version control <span dir="ltr"><<a href="mailto:git@videolan.org">git@videolan.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
vlc | branch: master | Laurent Aimar <<a href="mailto:fenrir@videolan.org">fenrir@videolan.org</a>> | Tue Sep 15 21:02:40 2009 +0200| [861e374d03e6c60c7d3c98428c632fe3b9e371b2] | committer: Laurent Aimar<br>
<br>
Fixed potential stack overflow in avi demuxer.<br>
<br>
Reported by Sebastian Apelt, Siberas.<br>
<br>
> <a href="http://git.videolan.org/gitweb.cgi/vlc.git/?a=commit;h=861e374d03e6c60c7d3c98428c632fe3b9e371b2" target="_blank">http://git.videolan.org/gitweb.cgi/vlc.git/?a=commit;h=861e374d03e6c60c7d3c98428c632fe3b9e371b2</a><br>
---<br>
<br>
modules/demux/avi/libavi.c | 13 ++++++++-----<br>
1 files changed, 8 insertions(+), 5 deletions(-)<br>
<br>
diff --git a/modules/demux/avi/libavi.c b/modules/demux/avi/libavi.c<br>
index ad65ecb..ffbb3f9 100644<br>
--- a/modules/demux/avi/libavi.c<br>
+++ b/modules/demux/avi/libavi.c<br>
@@ -795,12 +795,15 @@ void _AVI_ChunkFree( stream_t *s,<br>
}<br>
<br>
static void AVI_ChunkDumpDebug_level( vlc_object_t *p_obj,<br>
- avi_chunk_t *p_chk, int i_level )<br>
+ avi_chunk_t *p_chk, unsigned i_level )<br>
{<br>
- char str[1024];<br>
- int i;<br>
+ unsigned i;<br>
avi_chunk_t *p_child;<br>
<br>
+ char str[512];<br>
+ if( i_level * 5 + 1 >= sizeof(str) )<br>
+ return;<br>
+<br>
memset( str, ' ', sizeof( str ) );<br>
for( i = 1; i < i_level; i++ )<br>
{<br>
@@ -810,7 +813,7 @@ static void AVI_ChunkDumpDebug_level( vlc_object_t *p_obj,<br>
p_chk->common.i_chunk_fourcc == AVIFOURCC_ON2 ||<br>
p_chk->common.i_chunk_fourcc == AVIFOURCC_LIST )<br>
{<br>
- sprintf( str + i_level * 5,<br>
+ snprintf( &str[i_level * 5], sizeof(str) - 5*i_level,<br>
"%c %4.4s-%4.4s size:%"PRIu64" pos:%"PRIu64,<br>
i_level ? '+' : '*',<br>
(char*)&p_chk->common.i_chunk_fourcc,<br>
@@ -820,7 +823,7 @@ static void AVI_ChunkDumpDebug_level( vlc_object_t *p_obj,<br>
}<br>
else<br>
{<br>
- sprintf( str + i_level * 5,<br>
+ snprintf( &str[i_level * 5], sizeof(str) - 5*i_level,<br>
"+ %4.4s size:%"PRIu64" pos:%"PRIu64,<br>
(char*)&p_chk->common.i_chunk_fourcc,<br>
p_chk->common.i_chunk_size,<br>
<br>
_______________________________________________<br>
vlc-devel mailing list<br>
To unsubscribe or modify your subscription options:<br>
<a href="http://mailman.videolan.org/listinfo/vlc-devel" target="_blank">http://mailman.videolan.org/listinfo/vlc-devel</a><br>
</blockquote></div><br>