[FFmpeg-devel] [PATCH] ff_split_xiph_headers returns broken header_len < 0

Michael Niedermayer michaelni
Tue Apr 15 19:11:12 CEST 2008

On Tue, Apr 15, 2008 at 06:54:45PM +0200, Reimar D?ffinger wrote:
> Hello,
> when trying to play http://wdz5.xs4all.nl/~hendrik/mmw-deadzy.ogg with
> MPlayer (ffplay untested), the vorbis decoder crashes.
> The reason is that ff_split_xiph_headers does not fail but returns an
> invalid (negative) header_len[2].
> Attached patch is one possible fix. Maybe doing a return -1 if this case
> happens is the better solution, I just like to default to solutions that
> have a higher chance of still working with broken files (though at least
> in this case it does not help anyway, the files till does not play).

I prefer a return -1 (unless doing something else helps some existing file)
Also your check is insufficient header_len 0/1 still can reach arbitrary
values, i think this should be fixed more generically. That is checking
that all are within extradata.

Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

Good people do not need laws to tell them to act responsibly, while bad
people will find a way around the laws. -- Plato
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
URL: <http://lists.mplayerhq.hu/pipermail/ffmpeg-devel/attachments/20080415/f2208320/attachment.pgp>

More information about the ffmpeg-devel mailing list