[FFmpeg-devel] [PATCH] fix potential ff_mov_lang_to_iso639 segfault

Aurelien Jacobs aurel
Wed Jan 21 14:16:26 CET 2009


Hi,

ff_mov_lang_to_iso639() takes a code parameter as an int and uses it
to address memory: mov_mdhd_language_map[code]
There is a proper upper bound check, but no lower bound check, so a negative
value of code could generate a segfault.
Code is read directly from the mov bitstream, so a specially crafted file
could trigger this segfault.
The attached patch changes code to unsigned to avoid this problem.
It may solve the segfault reported in issue793 (an mp3 file misdetected
as mov).

Aurel
-------------- next part --------------
A non-text attachment was scrubbed...
Name: lang_to_iso639_unsigned.diff
Type: text/x-patch
Size: 1237 bytes
Desc: not available
URL: <http://lists.mplayerhq.hu/pipermail/ffmpeg-devel/attachments/20090121/45727c4c/attachment.bin>
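
The bug class described in the message above, as an added example that is not part of the original post and is not FFmpeg's code: a signed index guarded only by an upper-bound check lets negative values through, while the same single comparison on an unsigned index rejects them. The table `lang_map`, the function names and the sample inputs are hypothetical stand-ins constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed stand-in table; not FFmpeg's mov_mdhd_language_map. */
static const char *const lang_map[] = { "eng", "fra", "ger", "ita" };
#define LANG_MAP_LEN (sizeof(lang_map) / sizeof(lang_map[0]))

/* "Before" guard: signed index, upper bound only.
 * Returns 1 when the guard would allow lang_map[code] to be evaluated.
 * The access itself is deliberately not performed here. */
static int guard_signed(int code)
{
    return code < (int)LANG_MAP_LEN;
}

/* "After" guard: the same comparison on an unsigned index.
 * A negative int converted to unsigned becomes a huge value and fails it. */
static int guard_unsigned(unsigned code)
{
    return code < LANG_MAP_LEN;
}

/* Hardened lookup: copies the 3-letter code into to[4]; returns 1 on success,
 * 0 (with to[] zeroed) when the index is outside the table. */
static int lang_lookup(unsigned code, char to[4])
{
    memset(to, 0, 4);
    if (!guard_unsigned(code))
        return 0;
    memcpy(to, lang_map[code], 3);
    return 1;
}

int main(void)
{
    int samples[] = { 0, 3, 4, -1, -32768 };   /* constructed inputs */
    char to[4];
    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        int c = samples[i];
        int ok = lang_lookup((unsigned)c, to);
        printf("%6d  signed-guard=%d  unsigned-guard=%d  -> %s\n", c,
               guard_signed(c), guard_unsigned((unsigned)c),
               ok ? to : "(rejected)");
    }
    return 0;
}
```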


