[vlc-devel] commit: Fixed possible out of bound access + infinite loop in dirac header. (Laurent Aimar )

Laurent Aimar fenrir at via.ecp.fr
Tue Nov 18 20:20:36 CET 2008


On Tue, Nov 18, 2008, David Flynn wrote:
> On 2008-11-18, git version control <git at videolan.org> wrote:
> >> http://git.videolan.org/gitweb.cgi/vlc.git/?a=commit;h=8833f1447820aeafa3e0506e5d8282acac0e07f3
> > ---
> >
> >  modules/demux/ogg.c |   31 ++++++++++++++++++-------------
> >  1 files changed, 18 insertions(+), 13 deletions(-)
> >
> > diff --git a/modules/demux/ogg.c b/modules/demux/ogg.c
> > index 35c4f7f..d13f0c7 100644
> > --- a/modules/demux/ogg.c
> > +++ b/modules/demux/ogg.c
> > @@ -1810,26 +1809,32 @@ static void Ogg_ReadDiracHeader( logical_stream_t *p_stream,
> > +    /* */
> > +    if( u_video_format >= u_dirac_vidfmt_frate )
> > +        u_video_format = 0;
> >  
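Review bot: the `/* */` comment above the `u_video_format` check is empty, so nothing records why an out-of-range value is reset to 0 rather than rejected. A one-line comment stating that an out-of-range video format falls back to entry 0 would document the intent, and a debug message on that path would make malformed streams visible instead of silently accepted.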
> ...
> > +        uint32_t u_frame_rate_index = dirac_uint( &bs );
> > +        if( u_frame_rate_index > u_dirac_frate_tbl )
> > +            u_frame_rate_index = 0;
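Review bot: the bound check on `u_frame_rate_index` uses `>`, while the `u_video_format` check earlier in this hunk uses `>=`. The definition of `u_dirac_frate_tbl` is not in the quoted lines, but if it holds the number of entries in the frame-rate table, an index equal to it passes this check and reads one element past the end. `if( u_frame_rate_index >= u_dirac_frate_tbl )` would make the two checks consistent and close that case.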
> 
> I don't think this is a good idea. see:
> http://repo.or.cz/w/vlc/davidf-public.git?a=commitdiff;h=74ffca75d2801ddaa69dbab020af3535bc0951b4
It may not be the best way to handle it, but it will avoid a segfault on
invalid streams. So it is better than nothing for the time being.

-- 
fenrir



