[vlc-devel] [PATCH] Avoid a crash with some corrupted mkvs
Rémi Denis-Courmont
remi at remlab.net
Fri Dec 23 20:45:08 CET 2011
Hello,
On Friday 23 December 2011, Denis Charmet wrote:
> Should close #5659
> ---
> modules/demux/mkv/matroska_segment.cpp | 5 +++++
> 1 files changed, 5 insertions(+), 0 deletions(-)
>
> diff --git a/modules/demux/mkv/matroska_segment.cpp
> b/modules/demux/mkv/matroska_segment.cpp index 2bef45e..072dd71 100644
> --- a/modules/demux/mkv/matroska_segment.cpp
> +++ b/modules/demux/mkv/matroska_segment.cpp
> @@ -930,6 +930,11 @@ bool matroska_segment_c::Select( mtime_t i_start_time
> ) p_tk->fmt.i_extra = GetDWLE( &p_bih->biSize ) - sizeof(
> BITMAPINFOHEADER ); if( p_tk->fmt.i_extra > 0 )
> {
> + /* Very unlikely yet possible: bug #5659*/
> + size_t maxlen = p_tk->i_extra_data - sizeof(
> BITMAPINFOHEADER );
This is not very kosher if i_extra_data < sizeof(BITMAPINFOHEADER).
> + p_tk->fmt.i_extra = (
> p_tk->fmt.i_extra < maxlen )? + p_tk->fmt.i_extra :
> maxlen;
> +
> p_tk->fmt.p_extra = xmalloc( p_tk->fmt.i_extra );
> memcpy( p_tk->fmt.p_extra, &p_bih[1],
> p_tk->fmt.i_extra ); }
--
Rémi Denis-Courmont
http://www.remlab.info
More information about the vlc-devel
mailing list