jayrusman at hotmail.com
Mon Jun 11 01:37:11 CEST 2001
I'm tracking a subtitle crash that calls GetChunk
with i_buf_len=1. (Sakura #1 [R1] T2C2 at 3:10)
Vanilla 0.2.80 segfaults.
$ ./configure --disable-mmx
$ ./vlc dvd:/dev/dvd -V x11
If i_buf_len is 1, the first thing is...
*((WORD_TYPE *)p_buffer) = WORD_AT( &p_bit_stream->fifo.buffer );
Oops, just wrote a byte past the boundary!
And a little further down,
memcpy( p_buffer, p_bit_stream->p_byte, i_available );
i_available(=29) > i_buf_len(=1), oops, buffer overrun again!
I don't even know where to start trying to repair this!
Are those lines really broken?
It actually dies on
p_bit_stream->pf_next_data_packet( p_bit_stream );
just a few more lines down, but I haven't
managed that just yet.
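The two overruns described in the message above, shown on a constructed model rather than VLC's own code: this is an added example, not from the original post or from the vlc source. The bit_stream_t layout, the 4-byte WORD_TYPE, the 29-byte packet and the names get_chunk_unsafe / get_chunk_safe / demo_overrun are all assumptions chosen to reproduce the shape of the bug (a word copy that ignores i_buf_len, followed by a memcpy of i_available bytes into the same buffer). The safe variant only clamps every copy to the space left in p_buffer; a real fix in the decoder would also have to keep the unconsumed fifo bytes for the next call, which this sketch does not attempt.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed model of the bit-stream state (NOT VLC's real struct).
 * fifo.buffer holds one machine word of look-ahead; p_byte..p_end is the
 * not-yet-consumed remainder of the current data packet. */
typedef uint32_t WORD_TYPE;

typedef struct {
    struct { WORD_TYPE buffer; } fifo;
    const uint8_t *p_byte;
    const uint8_t *p_end;
} bit_stream_t;

/* Shape of the reported bug: both copies ignore i_buf_len. */
void get_chunk_unsafe(bit_stream_t *s, uint8_t *p_buffer, size_t i_buf_len)
{
    size_t i_available = (size_t)(s->p_end - s->p_byte);
    (void)i_buf_len;                       /* never consulted: that is the bug */
    /* writes sizeof(WORD_TYPE) bytes even when i_buf_len == 1 */
    memcpy(p_buffer, &s->fifo.buffer, sizeof(WORD_TYPE));
    p_buffer += sizeof(WORD_TYPE);
    /* i_available (29 in the report) can exceed what the caller owns */
    memcpy(p_buffer, s->p_byte, i_available);
    s->p_byte += i_available;
}

/* Hardened form: every copy is clamped to the space left in p_buffer.
 * Returns the number of bytes actually written (never more than i_buf_len). */
size_t get_chunk_safe(bit_stream_t *s, uint8_t *p_buffer, size_t i_buf_len)
{
    size_t written = 0;

    /* first the look-ahead word, but only as much of it as fits */
    size_t n = i_buf_len < sizeof(WORD_TYPE) ? i_buf_len : sizeof(WORD_TYPE);
    memcpy(p_buffer, &s->fifo.buffer, n);
    written += n;

    /* then the rest of the packet, clamped to the remaining space */
    size_t remaining   = i_buf_len - written;
    size_t i_available = (size_t)(s->p_end - s->p_byte);
    if (i_available > remaining)
        i_available = remaining;
    memcpy(p_buffer + written, s->p_byte, i_available);
    s->p_byte += i_available;
    written   += i_available;

    return written;
}

/* Demonstration harness: a 1-byte destination at the start of a larger
 * canary-filled array, so the overrun can be observed without touching
 * memory we do not own. Returns how many canary bytes past the single
 * legitimate byte were clobbered (0 means no overrun). */
size_t demo_overrun(int use_safe)
{
    uint8_t packet[29];                     /* constructed 29-byte payload */
    memset(packet, 0x11, sizeof packet);

    bit_stream_t s;
    s.fifo.buffer = 0xAABBCCDDu;
    s.p_byte      = packet;
    s.p_end       = packet + sizeof packet;

    uint8_t area[64];                       /* area[0] is the "real" buffer */
    memset(area, 0xEE, sizeof area);        /* everything else is canary */

    if (use_safe)
        get_chunk_safe(&s, area, 1);
    else
        get_chunk_unsafe(&s, area, 1);

    size_t clobbered = 0;
    for (size_t i = 1; i < sizeof area; i++)
        if (area[i] != 0xEE)
            clobbered++;
    return clobbered;
}

/* Bytes the safe variant reports writing for i_buf_len == 1. */
size_t demo_safe_written(void)
{
    uint8_t packet[29];
    memset(packet, 0x11, sizeof packet);
    bit_stream_t s;
    s.fifo.buffer = 0xAABBCCDDu;
    s.p_byte      = packet;
    s.p_end       = packet + sizeof packet;
    uint8_t out[1];
    return get_chunk_safe(&s, out, sizeof out);
}
```

With i_buf_len=1 the unsafe variant spills 3 bytes of the word plus all 29 packet bytes past the destination (32 canary bytes clobbered), which matches the two "oops" points in the message; the safe variant writes exactly one byte. Whether that is enough to explain the later crash inside pf_next_data_packet depends on what sits after p_buffer in the real decoder, which this model does not represent.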