On Tue, 3 Jan 2012 18:18:20 +0100, Janne Grunau <[email protected]> wrote: > Fixes an invalid free() with ass in avi. The sample in bug 98 passes > parts of AVPacket.data as buffer for the AVIOContext. Since the packet > is quite large fill_buffer tries to reallocate the buffer before doing > nothing. Fixes bug 98. > --- > libavformat/aviobuf.c | 4 ++++ > 1 files changed, 4 insertions(+), 0 deletions(-) > > diff --git a/libavformat/aviobuf.c b/libavformat/aviobuf.c > index 898f35d..dbbbba5 100644 > --- a/libavformat/aviobuf.c > +++ b/libavformat/aviobuf.c > @@ -565,6 +565,10 @@ static void fill_buffer(AVIOContext *s) > int len= s->buffer_size - (dst - s->buffer); > int max_buffer_size = s->max_packet_size ? s->max_packet_size : > IO_BUFFER_SIZE; > > + /* can't fill the buffer without read_packet, just set EOF if appropiate > */ > + if (!s->read_packet && s->buf_ptr >= s->buf_end) > + s->eof_reached = 1; > + > /* no need to do anything if EOF already reached */ > if (s->eof_reached) > return; > -- > 1.7.8.2 >
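Review bot: the added guard in fill_buffer() only acts when s->buf_ptr >= s->buf_end, so if the function is ever entered with s->read_packet == NULL while unread data remains, execution still falls through the EOF check into the code below this hunk, which per the commit message is where the buffer gets reallocated even though it may be a slice of AVPacket.data that the AVIOContext does not own. Nothing can be refilled without read_packet in either case, so consider returning whenever !s->read_packet and setting eof_reached inside that branch only when the buffer is exhausted; that way the fix does not depend on how callers reach this function. The added comment has a typo ("appropiate" should be "appropriate") and could also state why reallocation must be avoided here, so the check is not dropped in a later cleanup.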
LGTM -- Anton Khirnov
