[FFmpeg-devel] [PATCH 07/28] changed: check return value of seeks to avoid messing up current stream location

Michael Niedermayer michaelni
Thu Jul 1 01:55:32 CEST 2010


On Wed, Jun 30, 2010 at 06:36:14PM +0200, Reimar Döffinger wrote:
> On Wed, Jun 30, 2010 at 10:09:35AM +0100, Mans Rullgard wrote:
> > From: Cory Fields <theuni-nospam- at xbmc.org>
> > 
> > ---
> >  libavformat/avidec.c |    5 ++++-
> >  1 files changed, 4 insertions(+), 1 deletions(-)
> > 
> > diff --git a/libavformat/avidec.c b/libavformat/avidec.c
> > index befaa79..390d42f 100644
> > --- a/libavformat/avidec.c
> > +++ b/libavformat/avidec.c
> > @@ -190,7 +190,10 @@ static int read_braindead_odml_indx(AVFormatContext *s, int frame_num){
> >  
> >              pos = url_ftell(pb);
> >  
> > -            url_fseek(pb, offset+8, SEEK_SET);
> > +            if(url_fseek(pb, pos, SEEK_SET) < 0) {
> > +                av_log(s, AV_LOG_ERROR, "Failed to restore position after reading index");
> > +                return -1;
> > +            }
> 
> when/why does this make a difference?
> 
> >              read_braindead_odml_indx(s, frame_num);
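
Review bot: The added `if(url_fseek(pb, pos, SEEK_SET) < 0)` replaces the seek to `offset+8` instead of guarding it, so with `pos` taken from `url_ftell(pb)` two lines earlier it seeks to where the stream already is, and the recursive `read_braindead_odml_indx(s, frame_num)` that follows no longer starts at the referenced index. The log text "Failed to restore position after reading index" also describes a seek made after the read, not before it. Suggest keeping `url_fseek(pb, offset+8, SEEK_SET)` here with its own return check, moving the restore check to whichever seek returns to `pos` after the recursive call, and ending the log string with "\n".
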
> 
> Hmm... an arbitrarily recursive function?
> At least a DoS on that seems trivial... (I suspect this is not
> the only place this can happen, IIRC mov allows something similar
> by putting moov into moov into moov...).

argh
you can fix the DOS if you like (using avtree should allow easy and
fast detection of reused elements)
I'll fix the stack overflow as soon as this box finishes the retests

[...]

-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

The educated differ from the uneducated as much as the living from the
dead. -- Aristotle 
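
The two guards discussed in this thread (bounding recursion so a nested index cannot exhaust the stack, and rejecting an element that is referenced twice), as an added example that is not FFmpeg code and not part of the original message. The toy index layout, `MAX_DEPTH`, `walk_index` and the sample arrays are assumptions made for illustration, and a plain byte array stands in for the tree lookup suggested above.

```c
#include <stddef.h>
#include <stdint.h>

#define MAX_DEPTH 8   /* assumed nesting cap for this example, not an FFmpeg value */

/* Constructed toy format: buf[off] = child count n,
 * buf[off+1 .. off+n] = offsets of child index chunks. */
typedef struct {
    const uint8_t *buf;
    size_t len;
    uint8_t seen[256];   /* offsets already parsed (stand-in for a tree/set) */
} Walker;

/* Returns the number of chunks parsed, or -1 on a malformed or hostile index. */
static int walk_chunk(Walker *w, size_t off, int depth)
{
    if (depth > MAX_DEPTH) return -1;   /* bounds stack use */
    if (off >= w->len)     return -1;   /* offset points outside the data */
    if (w->seen[off])      return -1;   /* reused element: loop or repeated work */
    w->seen[off] = 1;

    size_t n = w->buf[off];
    if (n > w->len - off - 1) return -1; /* child table runs past the end */

    int total = 1;
    for (size_t i = 0; i < n; i++) {
        int r = walk_chunk(w, w->buf[off + 1 + i], depth + 1);
        if (r < 0)
            return -1;                   /* propagate failure, do not keep parsing */
        total += r;
    }
    return total;
}

int walk_index(const uint8_t *buf, size_t len)
{
    /* One-byte offsets can only address the first 256 bytes. */
    Walker w = { buf, len > 256 ? 256 : len, {0} };
    return walk_chunk(&w, 0, 0);
}

/* Constructed samples. */
const uint8_t ok_index[]   = { 2, 3, 4, 0, 0 };   /* root with two leaves */
const uint8_t loop_index[] = { 1, 2, 1, 0 };      /* chunk at 2 points back to 0 */
const uint8_t deep_index[] = { 1,2, 1,4, 1,6, 1,8, 1,10, 1,12,
                               1,14, 1,16, 1,18, 1,20, 0 }; /* 10 levels deep */
```

The seen-set rejects both true cycles and a chunk shared by two parents, which is the stricter reading of "reused elements"; the depth cap applies even when every offset is unique.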