[vlc-devel] MPEG Video Codec Address Zero & Divide-by-Zero Crashes [1/1]

[Andy Lindsay]

I am using VLC to handle DVB-T streams in an area of poor reception. 
This leads to VLC receiving corrupted TS packets which become a 
corrupted video stream.  From this I have identified some errors in the 
MPEG video codec that cause crashes.  Here are a couple of simple ones 
(I will describe another one in a separate message):

1.  In function PictureHeader(), if either i_structure or i_coding_type 
is an invalid value the look up to call the correct 
vpar_PictureData...() function ends up calling a function at address 0 
which causes an exception.

2.  Also, in the same function, invalid data in the picture header can 
lead to i_frame_rate being set to zero.  This leads to divide by zero 
errors in vpar_SynchroChose() or vpar_SynchroNewPicture().

Attached are patches to deal with these.

Note that I use VLC on WinXP from the command line (without a GUI) but I 
think that these errors could be seen on any system.
-- 
Andy Lindsay

-------------- next part --------------
A non-text attachment was scrubbed...
Name: synchro.c.patch
Type: application/octet-stream
Size: 1527 bytes
Desc: synchro.c.patch
URL: <http://mailman.videolan.org/pipermail/vlc-devel/attachments/20030401/ee74a6e3/attachment.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: headers.c.patch
Type: application/octet-stream
Size: 2201 bytes
Desc: headers.c.patch
URL: <http://mailman.videolan.org/pipermail/vlc-devel/attachments/20030401/ee74a6e3/attachment-0001.obj>