[Ffmpeg-devel] Re: [PATCH] mov.c clean and enhancements
Baptiste COUDURIER baptiste.coudurier
Sat Feb 18 13:19:31 CET 2006
- Previous message: [Ffmpeg-devel] [PATCH] mov.c clean and enhancements
- Next message: [Ffmpeg-devel] Re: [PATCH] mov.c clean and enhancements
Michael Niedermayer wrote:
Hi
[...] +static int movreadalac(MOVContext *c, ByteIOContext *pb, MOVatomt atom) +{ + AVStream *st = c->fc->streams[c->fc->nbstreams-1]; + + // currently ALAC decoder expect full atom header - so let's fake it + // this should be fixed and just ALAC header should be passed + + avfree(st->codec->extradata); + st->codec->extradatasize = atom.size + 8; + st->codec->extradata = (uint8t*) avmallocz(st->codec->extradatasize + FFINPUTBUFFERPADDINGSIZE); + + if (st->codec->extradata) { + strcpy(st->codec->extradata + 4, "alac"); // fake + getbuffer(pb, st->codec->extradata + 8, atom.size); + dprintf("Reading alac %Ld %s\n", atom.size, (char*)st->codec->extradata); + } else + urlfskip(pb, atom.size); + return 0; is there anything which prevents atom.size + 8 + FFINPUTBUFFERPADDINGSIZE from overflowing? if no then extradata will be too small and you have a heap overflow
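Review bot: atom.size is never range-checked before it sizes both the allocation and the read, in "st->codec->extradatasize = atom.size + 8;" and "getbuffer(pb, st->codec->extradata + 8, atom.size);". atom.size is printed with %Ld, which suggests a 64-bit value; if the sum wraps, or is truncated when stored in extradatasize, avmallocz receives a small size while getbuffer still copies the full atom.size bytes into it. Reject the atom up front when atom.size is negative or above a fixed limit that leaves room for the 8-byte fake header and FFINPUTBUFFERPADDINGSIZE, and return an error instead of allocating. Separately, when avmallocz fails, the else branch leaves extradatasize set to atom.size + 8 while extradata is NULL and the function still returns 0; reset the size to 0 there or return an error so later code does not trust a length with no buffer behind it.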
[...]
Ok, is it better this way?
--
Baptiste COUDURIER    GnuPG Key Id: 0x5C1ABAAA
SMARTJOG S.A.    http://www.smartjog.com
Key fingerprint    8D77134D20CC9220201FC5DB0AC9325C5C1ABAAA
Phone: +33 1 49966312
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: mov_stsd_audio_clean.patch
URL: <http://lists.mplayerhq.hu/pipermail/ffmpeg-devel/attachments/20060218/4c2325c2/attachment.asc>