[vlc-devel] commit: Fixed possible out of bound access + infinite loop in dirac header. (Laurent Aimar)
Laurent Aimar
fenrir at via.ecp.fr
Tue Nov 18 20:20:36 CET 2008
On Tue, Nov 18, 2008, David Flynn wrote:
> On 2008-11-18, git version control <git at videolan.org> wrote:
> >> http://git.videolan.org/gitweb.cgi/vlc.git/?a=commit;h=8833f1447820aeafa3e0506e5d8282acac0e07f3
> > ---
> >
> > modules/demux/ogg.c | 31 ++++++++++++++++++-------------
> > 1 files changed, 18 insertions(+), 13 deletions(-)
> >
> > diff --git a/modules/demux/ogg.c b/modules/demux/ogg.c
> > index 35c4f7f..d13f0c7 100644
> > --- a/modules/demux/ogg.c
> > +++ b/modules/demux/ogg.c
> > @@ -1810,26 +1809,32 @@ static void Ogg_ReadDiracHeader( logical_stream_t *p_stream,
> > + /* */
> > + if( u_video_format >= u_dirac_vidfmt_frate )
> > + u_video_format = 0;
> >
> ...
> > + uint32_t u_frame_rate_index = dirac_uint( &bs );
> > + if( u_frame_rate_index > u_dirac_frate_tbl )
> > + u_frame_rate_index = 0;
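Review bot: the frame-rate check `u_frame_rate_index > u_dirac_frate_tbl` uses `>` where the video-format check earlier in this hunk uses `>=` against `u_dirac_vidfmt_frate`. If `u_dirac_frate_tbl` holds the number of table entries, as the naming and the other check suggest (its definition is not visible here), an index equal to it still passes and would read one element past the end, so this should be `>=`. Both fallbacks also reset to index 0 silently; a warning when a stream carries an out-of-range index would make malformed headers visible, and the empty `/* */` comment could say why 0 is the chosen fallback.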
>
> I don't think this is a good idea. See:
> http://repo.or.cz/w/vlc/davidf-public.git?a=commitdiff;h=74ffca75d2801ddaa69dbab020af3535bc0951b4
It may not be the best way to handle it, but it will avoid a segfault on
invalid streams. So it is better than nothing for the time being.
--
fenrir