Patches item #411171, was updated on 2001-03-25 08:19 You can respond by visiting: http://sourceforge.net/tracker/?func=detail&atid=311050&aid=411171&group_id=11050 Category: None Group: None >Status: Closed >Resolution: Accepted Priority: 5 Submitted By: J�rgen Keil (jkeil) >Assigned to: Zdenek Kabelac (kabi) Summary: fix for core dump in class Mpegtoraw Initial Comment: avifile-0.6-cvs currently crashes on certain avi files that use the Mpegtoraw audio class. The crash was introduced when the type of the member variable local_src_buffer_size was changed from int to unsigned (in file: plugins/libmpeg_audiodec/mpegsound.h). Previously, the end-of-file condition on the raw input source data could be detected by a negative local_src_buffer_size. With the type of this variable changed to unsigned, the end-of-file condition cannot be detected any more -> it access data beyond the end of the buffer and may crash sooner or later. The following patch fixes the problem (stop decrementing when we reach 0 and fix eof() test): diff -rub -x CVS avifile-0.6-orig/plugins/libmpeg_audiodec/mpegsound.h avifile-0.6/plugins/libmpeg_audiodec/mpegsound.h --- avifile-0.6-orig/plugins/libmpeg_audiodec/mpegsound.h Mon Mar 19 13:57:49 2001 +++ avifile-0.6/plugins/libmpeg_audiodec/mpegsound.h Sat Mar 24 18:13:36 2001 @@ -447,12 +447,13 @@ private: int getbytedirect() { - local_src_buffer_size--; - return (local_src_buffer_size>=0)?(*local_src_buffer++):(-1); + return (local_src_buffer_size > 0 + ? (local_src_buffer_size--, *local_src_buffer++) + : -1); } int eof() { - return (local_src_buffer_size<0); + return (local_src_buffer_size <= 0); } // Soundplayer *player; // General playing interface int rawdataoffset; ---------------------------------------------------------------------- You can respond by visiting: http://sourceforge.net/tracker/?func=detail&atid=311050&aid=411171&group_id=11050 _______________________________________________ Avifile mailing list [EMAIL PROTECTED] http://prak.org/mailman/listinfo/avifile
