[MPlayer-dev-eng] zzuf fuzzer bugs
Jindrich Makovicka
makovick at gmail.com
Tue Jan 16 12:05:41 CET 2007
On 1/16/07, Uoti Urpala <uoti.urpala at pp1.inet.fi> wrote:
> On Tue, 2007-01-16 at 08:58 +0100, Diego Biurrun wrote:
> > http://sam.zoy.org/zzuf/
> >
> > MPlayer shows quite a few crashes, none of which seem related to FFmpeg.
>
> I tested some of those files.
>
> lol-mplayer.ogg:
> ffvorbis init fails, then MPlayer tries system libvorbis (Debian) which
> crashes (I've configured MPlayer with --disable-tremor-internal).
Tremor seems to be cured by the following patch, but I didn't test the
performance impact yet.
--
Jindrich Makovicka
Index: codebook.c
===================================================================
--- codebook.c (revision 21940)
+++ codebook.c (working copy)
@@ -211,7 +211,13 @@
/* returns the [original, not compacted] entry number or -1 on eof *********/
long vorbis_book_decode(codebook *book, oggpack_buffer *b){
- long packed_entry=decode_packed_entry_number(book,b);
+ long packed_entry;
+
+ if (!book->dec_firsttable)
+ return(-1);
+
+ packed_entry=decode_packed_entry_number(book,b);
+
if(packed_entry>=0)
return(book->dec_index[packed_entry]);
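Review bot: the early `return(-1)` in vorbis_book_decode reuses the value that the comment above documents as "eof", so a caller can no longer tell a truncated packet from a codebook whose dec_firsttable was never built; that is acceptable for a crash fix, but the function comment should be extended to say that -1 also means "unusable codebook". Since dec_firsttable is a property of the book rather than of the packet being read, the cheaper place to reject it is once, where the decode tables are built, instead of on every call into the decode entry points; that would also remove the per-call branch whose performance impact the cover message says is still untested.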
@@ -228,6 +234,9 @@
int i,j,o;
int shift=point-book->binarypoint;
+ if (!book->dec_firsttable)
+ return(-1);
+
if(shift>=0){
for (i = 0; i < step; i++) {
entry[i]=decode_packed_entry_number(book,b);
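Review bot: style: here the new check sits directly under `int shift=point-book->binarypoint;` with no separating blank line, whereas the first hunk sets the same check off with blank lines on both sides; add the blank line so the five copies look alike. Keeping the check after the declarations rather than above `int shift=...` is the right ordering (declarations stay ahead of statements), so only the spacing needs attention.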
@@ -256,6 +265,9 @@
ogg_int32_t *t;
int shift=point-book->binarypoint;
+ if (!book->dec_firsttable)
+ return(-1);
+
if(shift>=0){
for(i=0;i<n;){
entry = decode_packed_entry_number(book,b);
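Review bot: missing documentation: a bare `if (!book->dec_firsttable) return(-1);` gives a later maintainer no hint why a book that reached the decode path can have no first table (the cover message says only that the patch cures the crash on the zzuf-fuzzed .ogg). Put a one-line comment at the check, e.g. `/* book has no decode tables (corrupt or empty codebook): refuse to decode */`, so the guard is not mistaken for dead code and removed.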
@@ -282,6 +294,9 @@
ogg_int32_t *t;
int shift=point-book->binarypoint;
+ if (!book->dec_firsttable)
+ return(-1);
+
if(shift>=0){
for(i=0;i<n;){
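Review bot: this is the fourth verbatim copy of the same three-line guard; the earlier hunks show every guarded function reaching dec_firsttable through decode_packed_entry_number, so either one check at codebook setup or, at worst, one small shared static inline predicate used by all entry points would cover the whole file, and avoids one copy drifting from the others when the condition is later refined.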
@@ -313,6 +328,9 @@
int chptr=0;
int shift=point-book->binarypoint;
+ if (!book->dec_firsttable)
+ return(-1);
+
if(shift>=0){
for(i=offset;i<offset+n;){
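Review bot: on the performance question raised in the cover message: in this hunk, as in the others, the guard is placed before the `for(i=offset;i<offset+n;)` loop, so it costs one easily predicted branch per call rather than per decoded entry, which is the right placement if the check is to stay in the decode path at all. Note also that on the early return nothing is written to the caller's buffer, so every call site must already treat -1 as "no output produced"; the call sites are not in this diff, so that is worth confirming before committing.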