Hi,

On Fri, Feb 17, 2012 at 5:03 PM, Alex Converse <[email protected]> wrote:
> On Fri, Feb 17, 2012 at 2:34 PM, Ronald S. Bultje <[email protected]> wrote:
>> From: "Ronald S. Bultje" <[email protected]>
>>
>> Seeking backwards after a 1-byte read will result in an infinite loop.
>>
>> Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
>> CC: [email protected]
>> ---
>>  libavformat/asfdec.c |    4 ++--
>>  1 files changed, 2 insertions(+), 2 deletions(-)
>>
>> diff --git a/libavformat/asfdec.c b/libavformat/asfdec.c
>> index 01411fa..818f82d 100644
>> --- a/libavformat/asfdec.c
>> +++ b/libavformat/asfdec.c
>> @@ -761,8 +761,8 @@ static int ff_asf_get_packet(AVFormatContext *s, 
>> AVIOContext *pb)
>>    // if we do not know packet size, allow skipping up to 32 kB
>>     off= 32768;
>>     if (s->packet_size > 0)
>>         off= (avio_tell(pb) - s->data_offset) % s->packet_size + 3;
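
Review bot: the `off=` assignment on the last visible context line relies on `avio_tell(pb) - s->data_offset` being non-negative. C's `%` takes the sign of the dividend, so if that difference is signed and negative the remainder is zero or negative and `off` can fall below 3, down to `4 - s->packet_size`. Since the commit message attributes the infinite loop to seeking backwards, consider checking for a position before `s->data_offset` ahead of this line, for instance by keeping the 32768 default in that case, so the skip distance stays positive. The changed lines of this hunk are not visible in the quote, so this applies to the context lines only.
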
>
> off is at least 3.

Good catch, but only if a%b+c -> a >= 0. If a < 0, the whole thing
goes differently, so I should probably look into why that's happening,
if that's what's happening...

Ronald
_______________________________________________
libav-devel mailing list
[email protected]
https://lists.libav.org/mailman/listinfo/libav-devel
