diff options
| author | Michael Niedermayer <michaelni@gmx.at> | 2011-05-05 03:09:48 +0200 |
|---|---|---|
| committer | Michael Niedermayer <michaelni@gmx.at> | 2011-05-05 03:30:24 +0200 |
| commit | b000b86e1dd03c4ff89cd63a6fa88fc280947c94 (patch) | |
| tree | 8ba961dc8c013885d7bdfe944fb7cb31d5dc6d95 /libavformat/asfdec.c | |
| parent | 9a5624a0f1b205e966391645a512c6dccdce42cd (diff) | |
| parent | af1ca249e8eb685823dd0dade3aa3c1d119a61ec (diff) | |
Merge remote branch 'qatar/master'
* qatar/master: (23 commits)
doc: Check standalone compilation before submitting new components.
Fix standalone compilation of pipe protocol.
Fix standalone compilation of ac3_fixed encoder.
Fix standalone compilation of binkaudio_dct / binkaudio_rdft decoders.
Fix standalone compilation of IMC decoder.
Fix standalone compilation of WTV demuxer.
Fix standalone compilation of MXPEG decoder.
flashsv: K&R cosmetics
matroskaenc: fix memory leak
vc1: make overlap filter for I-frames bit-exact.
vc1dec: use s->start/end_mb_y instead of passing them as function args.
Revert "VC1: merge idct8x8, coeff adjustments and put_pixels."
Replace strncpy() with av_strlcpy().
indeo3: Eliminate use of long.
get_bits: make cache unsigned to eliminate undefined signed overflow.
asfdec: fix assert failure on invalid files
avfilter: check malloc return values.
Not pulled as reason for reindent is not pulled: mpegvideo: reindent.
nutenc: check malloc return values.
Not pulled due to much simpler solution in ffmpeg *: don't av_malloc(0).
...
Conflicts:
doc/developer.texi
libavcodec/Makefile
libavcodec/get_bits.h
libavcodec/mpegvideo.c
libavformat/Makefile
libavutil/log.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
Diffstat (limited to 'libavformat/asfdec.c')
| -rw-r--r-- | libavformat/asfdec.c | 14 |
1 files changed, 12 insertions, 2 deletions
diff --git a/libavformat/asfdec.c b/libavformat/asfdec.c index 63c18303c6..7d0409aa83 100644 --- a/libavformat/asfdec.c +++ b/libavformat/asfdec.c @@ -845,11 +845,21 @@ static int asf_read_frame_header(AVFormatContext *s, AVIOContext *pb){ if (asf->packet_flags & 0x01) { DO_2BITS(asf->packet_segsizetype >> 6, asf->packet_frag_size, 0); // 0 is illegal if(asf->packet_frag_size > asf->packet_size_left - rsize){ - av_log(s, AV_LOG_ERROR, "packet_frag_size is invalid\n"); - return -1; + if (asf->packet_frag_size > asf->packet_size_left - rsize + asf->packet_padsize) { + av_log(s, AV_LOG_ERROR, "packet_frag_size is invalid (%d-%d)\n", asf->packet_size_left, rsize); + return -1; + } else { + int diff = asf->packet_frag_size - (asf->packet_size_left - rsize); + asf->packet_size_left += diff; + asf->packet_padsize -= diff; + } } //printf("Fragsize %d\n", asf->packet_frag_size); } else { + if (rsize > asf->packet_size_left) { + av_log(s, AV_LOG_ERROR, "packet_replic_size is invalid\n"); + return -1; + } asf->packet_frag_size = asf->packet_size_left - rsize; //printf("Using rest %d %d %d\n", asf->packet_frag_size, asf->packet_size_left, rsize); } |