On Tue,  3 Jan 2012 18:18:20 +0100, Janne Grunau <[email protected]> wrote:
> Fixes an invalid free() with ass in avi. The sample in bug 98 passes
> parts of AVPacket.data as buffer for the AVIOContext. Since the packet
> is quite large fill_buffer tries to reallocate the buffer before doing
> nothing. Fixes bug 98.
> ---
>  libavformat/aviobuf.c |    4 ++++
>  1 files changed, 4 insertions(+), 0 deletions(-)
> 
> diff --git a/libavformat/aviobuf.c b/libavformat/aviobuf.c
> index 898f35d..dbbbba5 100644
> --- a/libavformat/aviobuf.c
> +++ b/libavformat/aviobuf.c
> @@ -565,6 +565,10 @@ static void fill_buffer(AVIOContext *s)
>      int len= s->buffer_size - (dst - s->buffer);
>      int max_buffer_size = s->max_packet_size ? s->max_packet_size : 
> IO_BUFFER_SIZE;
>  
> +    /* can't fill the buffer without read_packet, just set EOF if appropiate 
> */
> +    if (!s->read_packet && s->buf_ptr >= s->buf_end)
> +        s->eof_reached = 1;
> +
>      /* no need to do anything if EOF already reached */
>      if (s->eof_reached)
>          return;
> -- 
> 1.7.8.2
> 

LGTM

-- 
Anton Khirnov
_______________________________________________
libav-devel mailing list
[email protected]
https://lists.libav.org/mailman/listinfo/libav-devel

Reply via email to