[FFmpeg-devel] [PATCH 2/6] Fixed segfault on corrupted sega streams in the demuxer.
Michael Niedermayer
michaelni at gmx.at
Sun Sep 11 20:37:18 CEST 2011
On Sun, Sep 11, 2011 at 07:17:41PM +0200, fenrir at elivagar.org wrote:
> From: Laurent Aimar <fenrir at videolan.org>
>
> ---
> libavformat/segafilm.c | 4 +++-
> 1 files changed, 3 insertions(+), 1 deletions(-)
>
> diff --git a/libavformat/segafilm.c b/libavformat/segafilm.c
> index 7a84daf..49b23fc 100644
> --- a/libavformat/segafilm.c
> +++ b/libavformat/segafilm.c
> @@ -176,6 +176,8 @@ static int film_read_header(AVFormatContext *s,
> if(film->sample_count >= UINT_MAX / sizeof(film_sample))
> return -1;
> film->sample_table = av_malloc(film->sample_count * sizeof(film_sample));
> + if (!film->sample_table)
> + return AVERROR(ENOMEM);
>
> for(i=0; i<s->nb_streams; i++)
> av_set_pts_info(s->streams[i], 33, 1, film->base_clock);
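Review bot: The overflow guard directly above the new NULL check still returns a bare -1 while the added check returns AVERROR(ENOMEM), so film_read_header reports two adjacent failures in different styles. Consider changing the sample_count >= UINT_MAX / sizeof(film_sample) check to return AVERROR_INVALIDDATA in the same patch. The commit message body is also empty; one line saying which corrupted input leads to the segfault would make the fix easier to verify.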
> @@ -199,7 +201,7 @@ static int film_read_header(AVFormatContext *s,
> if (film->audio_type == CODEC_ID_ADPCM_ADX)
> audio_frame_counter += (film->sample_table[i].sample_size * 32 /
> (18 * film->audio_channels));
> - else
> + else if (film->audio_type != CODEC_ID_NONE)
> audio_frame_counter += (film->sample_table[i].sample_size /
> (film->audio_channels * film->audio_bits / 8));
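Review bot: In the changed else branch, testing film->audio_type != CODEC_ID_NONE does not by itself guarantee a non-zero divisor. The expression film->audio_channels * film->audio_bits / 8 evaluates to 0 whenever audio_channels is 0 or the product is below 8, and the CODEC_ID_ADPCM_ADX branch above still divides by 18 * film->audio_channels with no guard. Suggest testing the divisors themselves, or rejecting the header when audio is present but audio_channels or audio_bits is 0, rather than keying the check on the codec id.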
I suspect this is supposed to avoid a division by 0, if so this seems
the wrong thing to check as it seems audio_channels still can be 0
[...]
--
Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB
In a rich man's house there is no place to spit but his face.
-- Diogenes of Sinope