[vlc-devel] commit: Fixed potential stack overflow in avi demuxer. (Laurent Aimar )

xxcv xxcv xxcv07 at gmail.com
Thu Sep 17 07:31:08 CEST 2009 

Unfortunately this commit still doesn't fix the memory error I reported
earlier where in 64bit binary it spontaneously use upto 4GB ram. Although
unreproducible in the 32-bits binary, in 32bits it will just call error
dialog ask user if it should be repaired. As the AVI module is quite old by
now and ur the author but unmaintained even at the 32bit binary error dialog
should not have been called on a valid avi file even if user stress tests
through the playlist items.
Seems to be a race condition issue here as the avi item was trying to load
another thread was not blocked which is leading to a catastrophic events on
the 64bits binary.
This seems all ok if playlist full of avi items aren't getting stress tested
with "N". Nevertheless bug is still here it has been there for long time and
nobody could bothered to get it fixed.

thasnk


On Wed, Sep 16, 2009 at 5:20 AM, git version control <git at videolan.org>wrote:

> vlc | branch: master | Laurent Aimar <fenrir at videolan.org> | Tue Sep 15
> 21:02:40 2009 +0200| [861e374d03e6c60c7d3c98428c632fe3b9e371b2] | committer:
> Laurent Aimar
>
> Fixed potential stack overflow in avi demuxer.
>
> Reported by Sebastian Apelt, Siberas.
>
> >
> http://git.videolan.org/gitweb.cgi/vlc.git/?a=commit;h=861e374d03e6c60c7d3c98428c632fe3b9e371b2
> ---
>
>  modules/demux/avi/libavi.c |   13 ++++++++-----
>  1 files changed, 8 insertions(+), 5 deletions(-)
>
> diff --git a/modules/demux/avi/libavi.c b/modules/demux/avi/libavi.c
> index ad65ecb..ffbb3f9 100644
> --- a/modules/demux/avi/libavi.c
> +++ b/modules/demux/avi/libavi.c
> @@ -795,12 +795,15 @@ void _AVI_ChunkFree( stream_t *s,
>  }
>
>  static void AVI_ChunkDumpDebug_level( vlc_object_t *p_obj,
> -                                      avi_chunk_t  *p_chk, int i_level )
> +                                      avi_chunk_t  *p_chk, unsigned
> i_level )
>  {
> -    char str[1024];
> -    int i;
> +    unsigned i;
>     avi_chunk_t *p_child;
>
> +    char str[512];
> +    if( i_level * 5 + 1 >= sizeof(str) )
> +        return;
> +
>     memset( str, ' ', sizeof( str ) );
>     for( i = 1; i < i_level; i++ )
>     {
> @@ -810,7 +813,7 @@ static void AVI_ChunkDumpDebug_level( vlc_object_t
> *p_obj,
>         p_chk->common.i_chunk_fourcc == AVIFOURCC_ON2  ||
>         p_chk->common.i_chunk_fourcc == AVIFOURCC_LIST )
>     {
> -        sprintf( str + i_level * 5,
> +        snprintf( &str[i_level * 5], sizeof(str) - 5*i_level,
>                  "%c %4.4s-%4.4s size:%"PRIu64" pos:%"PRIu64,
>                  i_level ? '+' : '*',
>                  (char*)&p_chk->common.i_chunk_fourcc,
> @@ -820,7 +823,7 @@ static void AVI_ChunkDumpDebug_level( vlc_object_t
> *p_obj,
>     }
>     else
>     {
> -        sprintf( str + i_level * 5,
> +        snprintf( &str[i_level * 5], sizeof(str) - 5*i_level,
>                  "+ %4.4s size:%"PRIu64" pos:%"PRIu64,
>                  (char*)&p_chk->common.i_chunk_fourcc,
>                  p_chk->common.i_chunk_size,
>
> _______________________________________________
> vlc-devel mailing list
> To unsubscribe or modify your subscription options:
> http://mailman.videolan.org/listinfo/vlc-devel
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.videolan.org/pipermail/vlc-devel/attachments/20090917/9011f285/attachment.html>

More information about the vlc-devel mailing list