vlc/vlc-2.0 | branch: master | Jean-Baptiste Kempf <[email protected]> | Tue Dec 11 02:35:29 2012 +0100| [1cbc9b327b9774609436b0ed01871b380b825145] | committer: Jean-Baptiste Kempf
Fix swfdec crash Close #7860 > http://git.videolan.org/gitweb.cgi/vlc/vlc-2.0.git/?a=commit;h=1cbc9b327b9774609436b0ed01871b380b825145
---
 contrib/src/ffmpeg/rules.mak | 3 +-
 contrib/src/ffmpeg/swfdec.patch | 80 +++++++++++++++++++++++++++++++++++++++
 2 files changed, 82 insertions(+), 1 deletion(-)
diff --git a/contrib/src/ffmpeg/rules.mak b/contrib/src/ffmpeg/rules.mak
index 77752fe..3ab157d 100644
--- a/contrib/src/ffmpeg/rules.mak
+++ b/contrib/src/ffmpeg/rules.mak
@@ -126,7 +126,8 @@ ffmpeg: ffmpeg-$(FFMPEG_VERSION).tar.gz .sum-ffmpeg
 ifdef HAVE_WIN32
 sed -i "s/std=c99/std=gnu99/" $@-$(FFMPEG_VERSION)/configure
 endif
- $(APPLY) $(SRC)/ffmpeg/libav.git-a25d912.patch
+ $(APPLY) $(SRC)/ffmpeg/libavcodec-a25d912.patch
+ $(APPLY) $(SRC)/ffmpeg/swfdec.patch
 $(MOVE)
 .ffmpeg: ffmpeg
diff --git a/contrib/src/ffmpeg/swfdec.patch b/contrib/src/ffmpeg/swfdec.patch
new file mode 100644
index 0000000..ff19a4d
--- /dev/null
+++ b/contrib/src/ffmpeg/swfdec.patch
@@ -0,0 +1,80 @@
+diff -ruN ffmpeg.old/libavformat/swfdec.c ffmpeg/libavformat/swfdec.c
+--- ffmpeg.old/libavformat/swfdec.c 2012-12-11 02:25:55.000000000 +0100
++++ ffmpeg/libavformat/swfdec.c 2012-12-11 02:26:50.000000000 +0100
+@@ -100,6 +100,10 @@
+ tag = get_swf_tag(pb, &len);
+ if (tag < 0)
+ return AVERROR(EIO);
++ if (len < 0) {
++ av_log(s, AV_LOG_ERROR, "invalid tag length: %d\n", len);
++ return AVERROR_INVALIDDATA;
++ }
+ if (tag == TAG_VIDEOSTREAM) {
+ int ch_id = avio_rl16(pb);
+ len -= 2;
+@@ -155,7 +159,10 @@
+ st = s->streams[i];
+ if (st->codec->codec_type == AVMEDIA_TYPE_VIDEO && st->id == ch_id) {
+ frame = avio_rl16(pb);
+- if ((res = av_get_packet(pb, pkt, len-2)) < 0)
++ len -= 2;
++ if (len <= 0)
++ goto skip;
++ if ((res = av_get_packet(pb, pkt, len)) < 0)
+ return res;
+ pkt->pos = pos;
+ pkt->pts = frame;
+@@ -167,17 +174,22 @@
+ for (i = 0; i < s->nb_streams; i++) {
+ st = s->streams[i];
+ if (st->codec->codec_type == AVMEDIA_TYPE_AUDIO && st->id == -1) {
+- if (st->codec->codec_id == AV_CODEC_ID_MP3) {
+- avio_skip(pb, 4);
+- if ((res = av_get_packet(pb, pkt, len-4)) < 0)
+- return res;
+- } else { // ADPCM, PCM
+- if ((res = av_get_packet(pb, pkt, len)) < 0)
+- return res;
+- }
+- pkt->pos = pos;
+- pkt->stream_index = st->index;
+- return pkt->size;
++ if (st->codec->codec_id == AV_CODEC_ID_MP3) {
++ avio_skip(pb, 4);
++ len -= 4;
++ if (len <= 0)
++ goto skip;
++ if ((res = av_get_packet(pb, pkt, len)) < 0)
++ return res;
++ } else { // ADPCM, PCM
++ if (len <= 0)
++ goto skip;
++ if ((res = av_get_packet(pb, pkt, len)) < 0)
++ return res;
++ }
++ pkt->pos = pos;
++ pkt->stream_index = st->index;
++ return pkt->size;
+ }
+ }
+ } else if (tag == TAG_JPEG2) {
+@@ -197,7 +209,10 @@
+ st = vst;
+ }
+ avio_rl16(pb); /* BITMAP_ID */
+- if ((res = av_new_packet(pkt, len-2)) < 0)
++ len -= 2;
++ if (len < 4)
++ goto skip;
++ if ((res = av_new_packet(pkt, len)) < 0)
+ return res;
+ avio_read(pb, pkt->data, 4);
+ if (AV_RB32(pkt->data) == 0xffd8ffd9 ||
+@@ -214,6 +229,7 @@
+ return pkt->size;
+ }
+ skip:
++ len = FFMAX(0, len);
+ avio_skip(pb, len);
+ }
+ }
_______________________________________________ vlc-commits mailing list [email protected] http://mailman.videolan.org/listinfo/vlc-commits
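Review bot: The TAG_JPEG2 path still ignores the result of `avio_read(pb, pkt->data, 4)`, so on a truncated file the `AV_RB32(pkt->data)` test that follows runs on packet bytes that were allocated but, as far as this hunk shows, never written; the new `len < 4` guard only proves the buffer is large enough, not that it was filled. I would check the read, e.g. `if (avio_read(pb, pkt->data, 4) != 4) { av_free_packet(pkt); return AVERROR(EIO); }`. The new length guards in the VIDEOFRAME, MP3 and JPEG2 branches also run after `avio_rl16(pb)` / `avio_skip(pb, 4)` have already consumed the fixed fields, so a tag shorter than those fields reaches `skip:` with the reader already past the tag's declared end; comparing `len` with the field size before reading would keep the demuxer on a tag boundary for malformed input. The enclosing function starts and ends outside these hunks, so how the rest of the JPEG2 branch reads the payload is not visible here.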
