Author: spyfeng
Date: Tue Apr 20 17:04:45 2010
New Revision: 5765
Log:
check mms->asf_packet_len for possible overwriting.
Modified:
mms/mmst.c
Modified: mms/mmst.c
==============================================================================
--- mms/mmst.c Mon Apr 19 18:35:30 2010 (r5764)
+++ mms/mmst.c Tue Apr 20 17:04:45 2010 (r5765)
@@ -411,6 +411,10 @@ static int asf_header_parser(MMSContext
/* read packet size */
if (end - p > sizeof(ff_asf_guid) * 2 + 68) {
mms->asf_packet_len = AV_RL32(p + sizeof(ff_asf_guid) * 2 +
64);
+ if (mms->asf_packet_len > sizeof(mms->incoming_buffer)) {
+ dprintf(NULL,"Too large packet len:%d"
+ " may overwrite incoming_buffer when padding",
mms->asf_packet_len);
+ }
}
} else if (!memcmp(p, ff_asf_stream_header, sizeof(ff_asf_guid))) {
flags = AV_RL16(p + sizeof(ff_asf_guid)*3 + 24);
_______________________________________________
FFmpeg-soc mailing list
[email protected]
https://lists.mplayerhq.hu/mailman/listinfo/ffmpeg-soc
