Skip to content

V
vlc-2-2
Commit 287923fe authored by Laurent Aimar's avatar Laurent Aimar
Browse files
Options

* libavi.c: a sanity check to prevent some segfault with corrupted 

header.
parent 4be766c2
Show whitespace changes
Inline Side-by-side
Showing with 23 additions and 7 deletions
modules/demux/avi/libavi.c
View file @ 287923fe
...@@ -2,7 +2,7 @@ ...@@ -2,7 +2,7 @@
* libavi.c : * libavi.c :
***************************************************************************** *****************************************************************************
* Copyright (C) 2001 VideoLAN * Copyright (C) 2001 VideoLAN
* $Id: libavi.c,v 1.10 2002/12/16 13:04:36 fenrir Exp $ * $Id: libavi.c,v 1.11 2002/12/18 15:52:06 fenrir Exp $
* Authors: Laurent Aimar <fenrir@via.ecp.fr> * Authors: Laurent Aimar <fenrir@via.ecp.fr>
* *
* This program is free software; you can redistribute it and/or modify * This program is free software; you can redistribute it and/or modify
...@@ -530,6 +530,13 @@ static int AVI_ChunkRead_strf( input_thread_t *p_input, ...@@ -530,6 +530,13 @@ static int AVI_ChunkRead_strf( input_thread_t *p_input,
if( p_chk->strf.auds.p_wf->wFormatTag != WAVE_FORMAT_PCM ) if( p_chk->strf.auds.p_wf->wFormatTag != WAVE_FORMAT_PCM )
{ {
AVI_READ2BYTES( p_chk->strf.auds.p_wf->cbSize ); AVI_READ2BYTES( p_chk->strf.auds.p_wf->cbSize );
/* prevent segfault */
if( p_chk->strf.auds.p_wf->cbSize >
p_chk->common.i_chunk_size - sizeof( WAVEFORMATEX ) )
{
p_chk->strf.auds.p_wf->cbSize =
p_chk->common.i_chunk_size - sizeof( WAVEFORMATEX );
}
} }
else else
{ {
...@@ -539,7 +546,7 @@ static int AVI_ChunkRead_strf( input_thread_t *p_input, ...@@ -539,7 +546,7 @@ static int AVI_ChunkRead_strf( input_thread_t *p_input,
{ {
memcpy( &p_chk->strf.auds.p_wf[1] , memcpy( &p_chk->strf.auds.p_wf[1] ,
p_buff + sizeof( WAVEFORMATEX ), p_buff + sizeof( WAVEFORMATEX ),
p_chk->common.i_chunk_size - sizeof( WAVEFORMATEX )); p_chk->strf.auds.p_wf->cbSize );
} }
#ifdef AVI_DEBUG #ifdef AVI_DEBUG
msg_Dbg( p_input, msg_Dbg( p_input,
...@@ -565,9 +572,18 @@ static int AVI_ChunkRead_strf( input_thread_t *p_input, ...@@ -565,9 +572,18 @@ static int AVI_ChunkRead_strf( input_thread_t *p_input,
AVI_READ4BYTES( p_chk->strf.vids.p_bih->biYPelsPerMeter ); AVI_READ4BYTES( p_chk->strf.vids.p_bih->biYPelsPerMeter );
AVI_READ4BYTES( p_chk->strf.vids.p_bih->biClrUsed ); AVI_READ4BYTES( p_chk->strf.vids.p_bih->biClrUsed );
AVI_READ4BYTES( p_chk->strf.vids.p_bih->biClrImportant ); AVI_READ4BYTES( p_chk->strf.vids.p_bih->biClrImportant );
if( p_chk->strf.vids.p_bih->biSize >
p_chk->common.i_chunk_size )
{
p_chk->strf.vids.p_bih->biSize = p_chk->common.i_chunk_size;
}
if( p_chk->strf.vids.p_bih->biSize - sizeof(BITMAPINFOHEADER) > 0 )
{
memcpy( &p_chk->strf.vids.p_bih[1], memcpy( &p_chk->strf.vids.p_bih[1],
p_buff + sizeof(BITMAPINFOHEADER), p_buff + sizeof(BITMAPINFOHEADER),
p_chk->common.i_chunk_size - sizeof(BITMAPINFOHEADER) ); p_chk->strf.vids.p_bih->biSize -
sizeof(BITMAPINFOHEADER) );
}
#ifdef AVI_DEBUG #ifdef AVI_DEBUG
msg_Dbg( p_input, msg_Dbg( p_input,
"strf: video:%c%c%c%c %dx%d planes:%d %dbpp", "strf: video:%c%c%c%c %dx%d planes:%d %dbpp",
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment