[FFmpeg-devel] [PATCH] ff_split_xiph_headers returns broken header_len < 0

Reimar Döffinger Reimar.Doeffinger
Tue Apr 15 18:54:45 CEST 2008

when trying to play http://wdz5.xs4all.nl/~hendrik/mmw-deadzy.ogg with
MPlayer (ffplay untested), the vorbis decoder crashes.
The reason is that ff_split_xiph_headers does not fail but returns an
invalid (negative) header_len[2].
Attached patch is one possible fix. Maybe doing a return -1 if this case
happens is the better solution, I just like to default to solutions that
have a higher chance of still working with broken files (though at least
in this case it does not help anyway, the files till does not play).

Reimar D?ffinger
-------------- next part --------------
Index: libavcodec/xiph.c
--- libavcodec/xiph.c	(revision 12807)
+++ libavcodec/xiph.c	(working copy)
@@ -44,7 +44,7 @@
             header_len[i] += extradata[j];
-        header_len[2] = extradata_size - header_len[0] - header_len[1] - j;
+        header_len[2] = FFMAX(0, extradata_size - header_len[0] - header_len[1] - j);
         extradata += j;
         header_start[0] = extradata;
         header_start[1] = header_start[0] + header_len[0];

More information about the ffmpeg-devel mailing list