[issue2365] ffmpeg 0.6.1 crash on avi file

Reimar Döffinger Wed, 17 Nov 2010 14:15:41 -0800

Reimar Döffinger <[email protected]> added the comment:

On Wed, Nov 17, 2010 at 09:41:50PM +0000, kcraigie wrote:
> Program received signal SIGSEGV, Segmentation fault.
> avi_read_packet (s=<value optimized out>, pkt=0x3baa0c40) at 
> libavformat/avidec.c:705


Please provide a sample file and test this patch:
Index: ffmpeg/libavformat/avidec.c
===================================================================
--- ffmpeg/libavformat/avidec.c (revision 25760)
+++ ffmpeg/libavformat/avidec.c (working copy)
@@ -699,6 +699,9 @@
 }

 static int read_gab2_sub(AVStream *st, AVPacket *pkt) {
+    // make sure we will not crash with 0-size packets
+    if (pkt->size < 17)
+        return 0;
     if (!strcmp(pkt->data, "GAB2") && AV_RL16(pkt->data+5) == 2) {
         uint8_t desc[256], *d = desc;
         uint8_t *end, *ptr = pkt->data+7;
@@ -710,7 +713,7 @@
         ByteIOContext *pb;
         AVProbeData pd;

-        if (desc_len > FFMAX(pkt->size-17, 0))
+        if (desc_len > pkt->size-17)
             return 0;

         end = ptr + desc_len;

________________________________________________
FFmpeg issue tracker <[email protected]>
<https://roundup.ffmpeg.org/issue2365>
________________________________________________

[issue2365] ffmpeg 0.6.1 crash on avi file

Reply via email to