Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in
Toggle navigation
V
vlc-1.1
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Redmine
Redmine
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Operations
Operations
Metrics
Environments
Analytics
Analytics
CI / CD
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
videolan
vlc-1.1
Commits
6953ce08
Commit
6953ce08
authored
Jul 10, 2011
by
Rémi Denis-Courmont
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
AVI: fix heap buffer overflow (
CVE-2011
-2588)
(cherry picked from commit 9c14964bd11482d5c1d6c0e223440f9f1e5b1831)
parent
3e7f0de5
Changes
1
Show whitespace changes
Inline
Side-by-side
Showing
1 changed file
with
3 additions
and
2 deletions
+3
-2
modules/demux/avi/libavi.c
modules/demux/avi/libavi.c
+3
-2
No files found.
modules/demux/avi/libavi.c
View file @
6953ce08
...
@@ -386,7 +386,8 @@ static int AVI_ChunkRead_strf( stream_t *s, avi_chunk_t *p_chk )
...
@@ -386,7 +386,8 @@ static int AVI_ChunkRead_strf( stream_t *s, avi_chunk_t *p_chk )
case
(
AVIFOURCC_vids
):
case
(
AVIFOURCC_vids
):
p_strh
->
strh
.
i_samplesize
=
0
;
/* XXX for ffmpeg avi file */
p_strh
->
strh
.
i_samplesize
=
0
;
/* XXX for ffmpeg avi file */
p_chk
->
strf
.
vids
.
i_cat
=
VIDEO_ES
;
p_chk
->
strf
.
vids
.
i_cat
=
VIDEO_ES
;
p_chk
->
strf
.
vids
.
p_bih
=
malloc
(
p_chk
->
common
.
i_chunk_size
);
p_chk
->
strf
.
vids
.
p_bih
=
malloc
(
__MAX
(
p_chk
->
common
.
i_chunk_size
,
sizeof
(
*
p_chk
->
strf
.
vids
.
p_bih
)
)
);
AVI_READ4BYTES
(
p_chk
->
strf
.
vids
.
p_bih
->
biSize
);
AVI_READ4BYTES
(
p_chk
->
strf
.
vids
.
p_bih
->
biSize
);
AVI_READ4BYTES
(
p_chk
->
strf
.
vids
.
p_bih
->
biWidth
);
AVI_READ4BYTES
(
p_chk
->
strf
.
vids
.
p_bih
->
biWidth
);
AVI_READ4BYTES
(
p_chk
->
strf
.
vids
.
p_bih
->
biHeight
);
AVI_READ4BYTES
(
p_chk
->
strf
.
vids
.
p_bih
->
biHeight
);
...
@@ -402,7 +403,7 @@ static int AVI_ChunkRead_strf( stream_t *s, avi_chunk_t *p_chk )
...
@@ -402,7 +403,7 @@ static int AVI_ChunkRead_strf( stream_t *s, avi_chunk_t *p_chk )
{
{
p_chk
->
strf
.
vids
.
p_bih
->
biSize
=
p_chk
->
common
.
i_chunk_size
;
p_chk
->
strf
.
vids
.
p_bih
->
biSize
=
p_chk
->
common
.
i_chunk_size
;
}
}
if
(
p_chk
->
common
.
i_chunk_size
-
sizeof
(
BITMAPINFOHEADER
)
>
0
)
if
(
p_chk
->
common
.
i_chunk_size
>
sizeof
(
BITMAPINFOHEADER
)
)
{
{
memcpy
(
&
p_chk
->
strf
.
vids
.
p_bih
[
1
],
memcpy
(
&
p_chk
->
strf
.
vids
.
p_bih
[
1
],
p_buff
+
8
+
sizeof
(
BITMAPINFOHEADER
),
/* 8=fourrc+size */
p_buff
+
8
+
sizeof
(
BITMAPINFOHEADER
),
/* 8=fourrc+size */
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment