[vlc-devel] commit: Fixed possible out of bound access + infinite loop in dirac header. (Laurent Aimar )

Tue Nov 18 20:13:20 CET 2008

On 2008-11-18, git version control <git at videolan.org> wrote:
>> http://git.videolan.org/gitweb.cgi/vlc.git/?a=commit;h=8833f1447820aeafa3e0506e5d8282acac0e07f3
> ---
>
>  modules/demux/ogg.c |   31 ++++++++++++++++++-------------
>  1 files changed, 18 insertions(+), 13 deletions(-)
>
> diff --git a/modules/demux/ogg.c b/modules/demux/ogg.c
> index 35c4f7f..d13f0c7 100644
> --- a/modules/demux/ogg.c
> +++ b/modules/demux/ogg.c
> @@ -1810,26 +1809,32 @@ static void Ogg_ReadDiracHeader( logical_stream_t *p_stream,
> +    /* */
> +    if( u_video_format >= u_dirac_vidfmt_frate )
> +        u_video_format = 0;
>  
...
> +        uint32_t u_frame_rate_index = dirac_uint( &bs );
> +        if( u_frame_rate_index > u_dirac_frate_tbl )
> +            u_frame_rate_index = 0;

I don't think this is a good idea. see:
http://repo.or.cz/w/vlc/davidf-public.git?a=commitdiff;h=74ffca75d2801ddaa69dbab020af3535bc0951b4

Also (granule_shift fix):
http://repo.or.cz/w/vlc/davidf-public.git?a=commitdiff;h=c781ea89a25d61d750a33ebd5e4d23e962316a2c

..david