Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in
Toggle navigation
V
vlc-gpu
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Redmine
Redmine
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Operations
Operations
Metrics
Environments
Analytics
Analytics
CI / CD
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
videolan
vlc-gpu
Commits
8fe00082
Commit
8fe00082
authored
Oct 09, 2005
by
Laurent Aimar
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
* ogg: fix potential invalid read with broken files (close #272)
parent
c23a649a
Changes
1
Show whitespace changes
Inline
Side-by-side
Showing
1 changed file
with
38 additions
and
22 deletions
+38
-22
modules/demux/ogg.c
modules/demux/ogg.c
+38
-22
No files found.
modules/demux/ogg.c
View file @
8fe00082
...
@@ -526,7 +526,11 @@ static void Ogg_DecodePacket( demux_t *p_demux,
...
@@ -526,7 +526,11 @@ static void Ogg_DecodePacket( demux_t *p_demux,
else
if
(
p_stream
->
fmt
.
audio
.
i_rate
)
else
if
(
p_stream
->
fmt
.
audio
.
i_rate
)
{
{
p_stream
->
b_force_backup
=
0
;
p_stream
->
b_force_backup
=
0
;
p_oggpacket
->
packet
+=
9
;
p_oggpacket
->
bytes
-=
9
;
if
(
p_oggpacket
->
bytes
>=
9
)
{
p_oggpacket
->
packet
+=
9
;
p_oggpacket
->
bytes
-=
9
;
}
}
}
b_store_size
=
VLC_FALSE
;
b_store_size
=
VLC_FALSE
;
break
;
break
;
...
@@ -626,6 +630,9 @@ static void Ogg_DecodePacket( demux_t *p_demux,
...
@@ -626,6 +630,9 @@ static void Ogg_DecodePacket( demux_t *p_demux,
return
;
return
;
}
}
if
(
p_oggpacket
->
bytes
<=
0
)
return
;
if
(
!
(
p_block
=
block_New
(
p_demux
,
p_oggpacket
->
bytes
)
)
)
return
;
if
(
!
(
p_block
=
block_New
(
p_demux
,
p_oggpacket
->
bytes
)
)
)
return
;
/* Normalize PTS */
/* Normalize PTS */
...
@@ -683,7 +690,10 @@ static void Ogg_DecodePacket( demux_t *p_demux,
...
@@ -683,7 +690,10 @@ static void Ogg_DecodePacket( demux_t *p_demux,
}
}
i_header_len
++
;
i_header_len
++
;
if
(
p_block
->
i_buffer
>=
i_header_len
)
p_block
->
i_buffer
-=
i_header_len
;
p_block
->
i_buffer
-=
i_header_len
;
else
p_block
->
i_buffer
=
0
;
}
}
if
(
p_stream
->
fmt
.
i_codec
==
VLC_FOURCC
(
't'
,
'a'
,
'r'
,
'k'
)
)
if
(
p_stream
->
fmt
.
i_codec
==
VLC_FOURCC
(
't'
,
'a'
,
'r'
,
'k'
)
)
...
@@ -1313,7 +1323,8 @@ static void Ogg_ReadAnnodexHeader( vlc_object_t *p_this,
...
@@ -1313,7 +1323,8 @@ static void Ogg_ReadAnnodexHeader( vlc_object_t *p_this,
logical_stream_t
*
p_stream
,
logical_stream_t
*
p_stream
,
ogg_packet
*
p_oggpacket
)
ogg_packet
*
p_oggpacket
)
{
{
if
(
!
memcmp
(
&
p_oggpacket
->
packet
[
0
],
"Annodex"
,
7
)
)
if
(
p_oggpacket
->
bytes
>=
28
&&
!
memcmp
(
&
p_oggpacket
->
packet
[
0
],
"Annodex"
,
7
)
)
{
{
oggpack_buffer
opb
;
oggpack_buffer
opb
;
...
@@ -1331,7 +1342,8 @@ static void Ogg_ReadAnnodexHeader( vlc_object_t *p_this,
...
@@ -1331,7 +1342,8 @@ static void Ogg_ReadAnnodexHeader( vlc_object_t *p_this,
timebase_numerator
=
GetQWLE
(
&
p_oggpacket
->
packet
[
16
]
);
timebase_numerator
=
GetQWLE
(
&
p_oggpacket
->
packet
[
16
]
);
timebase_denominator
=
GetQWLE
(
&
p_oggpacket
->
packet
[
24
]
);
timebase_denominator
=
GetQWLE
(
&
p_oggpacket
->
packet
[
24
]
);
}
}
else
if
(
!
memcmp
(
&
p_oggpacket
->
packet
[
0
],
"AnxData"
,
7
)
)
else
if
(
p_oggpacket
->
bytes
>=
42
&&
!
memcmp
(
&
p_oggpacket
->
packet
[
0
],
"AnxData"
,
7
)
)
{
{
uint64_t
granule_rate_numerator
;
uint64_t
granule_rate_numerator
;
uint64_t
granule_rate_denominator
;
uint64_t
granule_rate_denominator
;
...
@@ -1346,8 +1358,12 @@ static void Ogg_ReadAnnodexHeader( vlc_object_t *p_this,
...
@@ -1346,8 +1358,12 @@ static void Ogg_ReadAnnodexHeader( vlc_object_t *p_this,
/* we are guaranteed that the first header field will be
/* we are guaranteed that the first header field will be
* the content-type (by the Annodex standard) */
* the content-type (by the Annodex standard) */
content_type_string
[
0
]
=
'\0'
;
if
(
!
strncasecmp
(
&
p_oggpacket
->
packet
[
28
],
"Content-Type: "
,
14
)
)
if
(
!
strncasecmp
(
&
p_oggpacket
->
packet
[
28
],
"Content-Type: "
,
14
)
)
{
{
uint8_t
*
p
=
memchr
(
&
p_oggpacket
->
packet
[
42
],
'\r'
,
p_oggpacket
->
bytes
-
1
);
if
(
p
&&
p
[
0
]
==
'\r'
&&
p
[
1
]
==
'\n'
)
sscanf
(
&
p_oggpacket
->
packet
[
42
],
"%1024s
\r\n
"
,
sscanf
(
&
p_oggpacket
->
packet
[
42
],
"%1024s
\r\n
"
,
content_type_string
);
content_type_string
);
}
}
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment
