[FFmpeg-devel] [PATCH] Fix crash in cdxa_probe() when opening HTTP URL
Måns Rullgård
mans
Wed Oct 31 23:33:25 CET 2007
Jon Foster <jon at jon-foster.co.uk> writes:
> This patch fixes a crash when calling av_open_input_file() with a http: URL.
> This crash happens because buf is NULL and buf_size is 0, but cdxa_probe()
> dereferences buf without checking. The patch adds a check that buf_size
> is big enough to contain the signature.
>
> Index: libavformat/mpeg.c
> ===================================================================
> --- libavformat/mpeg.c (revision 10885)
> +++ libavformat/mpeg.c (working copy)
> @@ -35,7 +35,8 @@
> static int cdxa_probe(AVProbeData *p)
> {
> /* check file header */
> - if (p->buf[0] == 'R' && p->buf[1] == 'I' &&
> + if (p->buf_size >= 8 &&
^
> + p->buf[0] == 'R' && p->buf[1] == 'I' &&
> p->buf[2] == 'F' && p->buf[3] == 'F' &&
> p->buf[8] == 'C' && p->buf[9] == 'D' &&
> p->buf[10] == 'X' && p->buf[11] == 'A')
^^
The size check isn't quite adequate.
--
M?ns Rullg?rd
mans at mansr.com
More information about the ffmpeg-devel
mailing list