[FFmpeg-devel] [PATCH] aviobuf: Write new data at s->buf_end in fill_buffer

Ronald S. Bultje rsbultje
Sun Feb 27 14:54:33 CET 2011


Hi,

On Sat, Feb 26, 2011 at 6:02 PM, Martin Storsjö <martin at martin.st> wrote:
> In most cases, s->buf_ptr will be equal to s->buf_end when
> fill_buffer is called, but this may not always be the case, if
> we're seeking forward by reading (permitted by the short seek
> threshold).
>
> If fill_buffer is writing to s->buf_ptr instead of s->buf_end (when
> they aren't equal and s->buf_ptr is ahead of s->buffer), the data
> between s->buf_ptr and s->buf_end is overwritten, leading to
> inconsistent buffer content. This could return incorrect data if
> later seeking back into the area before the current s->buf_ptr.
> ---
>  libavformat/aviobuf.c |    2 +-
>  1 files changed, 1 insertions(+), 1 deletions(-)
>
> diff --git a/libavformat/aviobuf.c b/libavformat/aviobuf.c
> index 270352e..e5808b6 100644
> --- a/libavformat/aviobuf.c
> +++ b/libavformat/aviobuf.c
> @@ -460,7 +460,7 @@ void put_tag(AVIOContext *s, const char *tag)
>
> ?static void fill_buffer(AVIOContext *s)
> ?{
> - ? ?uint8_t *dst= !s->max_packet_size && s->buf_end - s->buffer < s->buffer_size ? s->buf_ptr : s->buffer;
> + ? ?uint8_t *dst= !s->max_packet_size && s->buf_end - s->buffer < s->buffer_size ? s->buf_end : s->buffer;
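Review bot: the number of bytes read into dst must stay within s->buffer + s->buffer_size - dst; with dst now s->buf_end rather than s->buf_ptr, confirm that the length computation further down in fill_buffer (not in the quoted part of the hunk) is derived from dst, otherwise the read could run past the end of s->buffer. A short comment on the dst assignment stating that appending at s->buf_end keeps the bytes between s->buf_ptr and s->buf_end valid for a later backward seek would document the invariant the commit message describes, since the condition `s->buf_end - s->buffer < s->buffer_size` alone does not make that intent obvious.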

What is the bug you're trying to fix? I.e. what behaviour is
inconsistent, or what sample plays back badly, or what application
code fails / is impossible because of this?

Ronald
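Added example, not code from the thread or from FFmpeg: a toy model of the buffer state Martin describes, with the fill_buffer destination switchable between the pre-patch s->buf_ptr and the patched s->buf_end, so the stale byte returned by a later backward seek can be observed. IOCtx, read_packet, byte_at and scenario are constructed here and only mimic the relevant AVIOContext behaviour.

```c
#include <stdint.h>

#define BUF_SIZE  16
#define FILE_SIZE 64

/* Minimal stand-in for the AVIOContext fields fill_buffer touches;
   pos is the file offset corresponding to buf_end. */
typedef struct {
    uint8_t buffer[BUF_SIZE], *buf_ptr, *buf_end;
    int buffer_size; int64_t pos;
} IOCtx;

/* Constructed backing "file": byte i has the value i, so a byte read back
   from the buffer can be checked against the offset it should hold. */
static int read_packet(int64_t pos, uint8_t *dst, int len) {
    int n = 0;
    for (; n < len && pos + n < FILE_SIZE; n++) dst[n] = (uint8_t)(pos + n);
    return n;
}

/* fill_buffer reduced to the lines the patch touches; use_buf_end == 0 is
   the pre-patch destination (s->buf_ptr), 1 the patched one (s->buf_end). */
static void fill_buffer(IOCtx *s, int use_buf_end) {
    uint8_t *dst = s->buf_end - s->buffer < s->buffer_size
                 ? (use_buf_end ? s->buf_end : s->buf_ptr) : s->buffer;
    int len = s->buffer_size - (int)(dst - s->buffer);
    len = read_packet(s->pos, dst, len);
    if (len > 0) { s->pos += len; s->buf_ptr = dst; s->buf_end = dst + len; }
}

/* In-buffer backward seek as avio_seek does it: the byte for file offset
   off is expected at buf_end - (pos - off); -1 if that is not buffered. */
static int byte_at(const IOCtx *s, int64_t off) {
    if (off >= s->pos || off < s->pos - (s->buf_end - s->buffer)) return -1;
    return s->buf_end[off - s->pos];
}

/* Scenario from the commit message: 12 bytes buffered, 8 consumed, then a
   forward seek-by-reading calls fill_buffer with buf_ptr != buf_end.
   Returns what a back-seek to file offset 8 reads afterwards (should be 8). */
static int scenario(int use_buf_end) {
    IOCtx s = { .buffer_size = BUF_SIZE };
    s.buf_end = s.buffer + read_packet(0, s.buffer, 12);
    s.pos = s.buf_end - s.buffer;
    s.buf_ptr = s.buffer + 8;
    fill_buffer(&s, use_buf_end);
    return byte_at(&s, 8);
}
```

With the old destination the refill lands on buffer[8..15] while buf_end advances past it, so the offset-to-buffer mapping for the earlier bytes breaks and the back-seek returns file byte 4 instead of 8; with s->buf_end as destination the buffer stays a contiguous image of the file.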
