GetChunk broken?

Jason Mancini jayrusman at
Mon Jun 11 01:37:11 CEST 2001

I'm tracking a sub-title crash that calls GetChunk
with i_buf_len=1.  (Sakura #1 [R1] T2C2 at 3:10)
Vanilla 0.2.80 seg faults.

$ ./configure --disable-mmx
$ make
$ ./vlc dvd:/dev/dvd -V x11

In bld/vlc-0.2.80/include/input_ext-dec.h,
if i_buf_len is 1, the first thing is...

*((WORD_TYPE *)p_buffer) = WORD_AT( &p_bit_stream->fifo.buffer );

Oops, just wrote a byte past the boundary!
And a little further down,

  memcpy( p_buffer, p_bit_stream->p_byte, i_available );

i_available(=29) > i_buf_len(=1), oops, buffer overrun again!

I don't even know where to start trying to repair this!
Are those lines really broken?

It actually dies on
  p_bit_stream->pf_next_data_packet( p_bit_stream );
just a few more lines down, but I haven't
managed that just yet.


Get your FREE download of MSN Explorer at

More information about the vlc-devel mailing list