[vlc-devel] commit: real: Protect against negative size reading. (Pierre d'Herbemont )
git version control
git at videolan.org
Sat Aug 16 15:16:46 CEST 2008
vlc | branch: master | Pierre d'Herbemont <pdherbemont at videolan.org> | Sat Aug 16 15:19:34 2008 +0200| [c57a8be415f00519bd245ff10ecc67eaefedfb2e] | committer: Pierre d'Herbemont
real: Protect against negative size reading.
Should fix a crash reported by the bugreport ml.
> http://git.videolan.org/gitweb.cgi/vlc.git/?a=commit;h=c57a8be415f00519bd245ff10ecc67eaefedfb2e
---
modules/demux/real.c | 11 ++++++++++-
1 files changed, 10 insertions(+), 1 deletions(-)
diff --git a/modules/demux/real.c b/modules/demux/real.c
index 36084c6..c07bde5 100644
--- a/modules/demux/real.c
+++ b/modules/demux/real.c
@@ -269,7 +269,8 @@ static int Demux( demux_t *p_demux )
{
demux_sys_t *p_sys = p_demux->p_sys;
uint8_t header[18];
- int i_size, i_id, i_flags, i;
+ int i_id, i_flags, i;
+ unsigned int i_size;
int64_t i_pts;
real_track_t *tk = NULL;
bool b_selected;
@@ -310,6 +311,14 @@ static int Demux( demux_t *p_demux )
p_sys->i_data_packets++;
+ if( i_size == 0 ) return 0;
+
+ if( i_size > sizeof(p_sys->buffer) )
+ {
+ msg_Err( p_demux, "Got a size to read bigger than our buffer. Ignoring current frame." );
+ return 0;
+ }
+
stream_Read( p_demux->s, p_sys->buffer, i_size );
for( i = 0; i < p_sys->i_track; i++ )
More information about the vlc-devel
mailing list