Hi, On Fri, Jul 27, 2012 at 4:21 PM, Derek Buitenhuis <[email protected]> wrote: > +static int cllc_decode_frame(AVCodecContext *avctx, void *data, > + int *data_size, AVPacket *avpkt) [..] > + uint8_t *src = avpkt->data; [..] > + info_tag = AV_RL32(src); > + if (info_tag == MKTAG('I', 'N', 'F', 'O')) { > + info_offset = AV_RL32(src + 4) + 8; > + src += info_offset; > + > + av_log(avctx, AV_LOG_DEBUG, "Skipping INFO chunk.\n"); > + } > + > + /* bswap16 the buffer since CLLC's bitreader works in 16-bit WORDS */ > + ctx->dsp.bswap16_buf((uint16_t *) ctx->swapped_buf, (uint16_t *) src, > + (avpkt->size - info_offset) / 2);
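Review bot: info_offset is read from the stream as AV_RL32(src + 4) + 8 and then used in src += info_offset and in (avpkt->size - info_offset) / 2 with no bound against avpkt->size in the quoted lines, so an oversized value moves src past the end of the packet and gives bswap16_buf an invalid length. Reject the packet (for example with return AVERROR_INVALIDDATA) when info_offset exceeds avpkt->size, and do it before advancing src; the + 8 should be part of that comparison so the addition cannot wrap. The two AV_RL32 reads also need avpkt->size to be at least 8, and the quoted lines do not show that ctx->swapped_buf is large enough for the length passed to bswap16_buf; either check may sit in the elided [..] parts, but both are worth confirming.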
Are you sure you don't want to check info_offset to ensure it actually leads to a greater-than-zero result before continuing? I'm pretty sure this can crash on malformed streams.

Ronald
