[FFmpeg-cvslog] r21487 - trunk/libavcodec/mlp_parser.c
reimar
subversion
Wed Jan 27 21:04:20 CET 2010
Author: reimar
Date: Wed Jan 27 21:04:19 2010
New Revision: 21487
Log:
Fix possible crashes in mlp parser, it tries to go back 7 bytes after
finding the 4-byte signature.
Add a check that ignores the signature if we do not have enough previous
data to go back at least 7 bytes.
Modified:
trunk/libavcodec/mlp_parser.c
Modified: trunk/libavcodec/mlp_parser.c
==============================================================================
--- trunk/libavcodec/mlp_parser.c Wed Jan 27 21:02:18 2010 (r21486)
+++ trunk/libavcodec/mlp_parser.c Wed Jan 27 21:04:19 2010 (r21487)
@@ -176,7 +176,9 @@ static int mlp_parse(AVCodecParserContex
for (i = 0; i < buf_size; i++) {
mp->pc.state = (mp->pc.state << 8) | buf[i];
- if ((mp->pc.state & 0xfffffffe) == 0xf8726fba) {
+ if ((mp->pc.state & 0xfffffffe) == 0xf8726fba &&
+ // ignore if we do not have the data for the start of header
+ mp->pc.index + i >= 7) {
mp->in_sync = 1;
mp->bytes_left = 0;
break;
More information about the ffmpeg-cvslog
mailing list