Author: spyfeng
Date: Sat Mar 13 13:22:27 2010
New Revision: 5659
Log:
fix a potential buffer overread according to Ronald S. Bultje's comment.
Modified:
mms/mmst.c
Modified: mms/mmst.c
==============================================================================
--- mms/mmst.c Sat Mar 13 13:18:49 2010 (r5658)
+++ mms/mmst.c Sat Mar 13 13:22:27 2010 (r5659)
@@ -869,7 +869,7 @@ static int asf_header_parser(MMSContext
uint64_t chunksize = AV_RL64(p + sizeof(ff_asf_guid));
if (!memcmp(p, ff_asf_file_header, sizeof(ff_asf_guid))) {
/* read packet size */
- if (end - p > sizeof(ff_asf_guid) * 2 + 64) {
+ if (end - p > sizeof(ff_asf_guid) * 2 + 68) {
mms->asf_packet_len = AV_RL32(p + sizeof(ff_asf_guid) * 2 +
64);
}
} else if (!memcmp(p, ff_asf_stream_header, sizeof(ff_asf_guid))) {
_______________________________________________
FFmpeg-soc mailing list
[email protected]
https://lists.mplayerhq.hu/mailman/listinfo/ffmpeg-soc
