summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJohn Stebbins <jstebbins.hb@gmail.com>2017-02-15 10:29:39 -0700
committerJohn Stebbins <jstebbins.hb@gmail.com>2017-02-15 10:34:09 -0700
commit05f743e784fe69e2950d32e8ac177c34a2f3e5c8 (patch)
tree51c269152a75336586d8d155792a90c696515614
parente3181b6e131fa52b96b076ea7c752b509028e9d6 (diff)
libav: fix crash when scanning wmv file
Fixes crash reported here https://forum.handbrake.fr/viewtopic.php?f=11&t=35690 Does not fix scan problem, but follow-up commit will. Also possibly related https://github.com/HandBrake/HandBrake/issues/466 https://github.com/HandBrake/HandBrake/issues/495
-rw-r--r--contrib/ffmpeg/A07-wmv-crash.patch31
1 files changed, 31 insertions, 0 deletions
diff --git a/contrib/ffmpeg/A07-wmv-crash.patch b/contrib/ffmpeg/A07-wmv-crash.patch
new file mode 100644
index 000000000..ca124a14c
--- /dev/null
+++ b/contrib/ffmpeg/A07-wmv-crash.patch
@@ -0,0 +1,31 @@
+From 8e67039c6312ba520945f2c01b7b14df056d5ed1 Mon Sep 17 00:00:00 2001
+From: John Stebbins <stebbins@jetheaddev.com>
+Date: Thu, 12 Jan 2017 13:36:26 -0700
+Subject: [PATCH] asfdec: Use the ASF stream count when iterating
+
+The AVFormat stream count can be larger due external factors, such as
+an id3 tag appended.
+
+Avoid an out of bound read.
+
+Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
+---
+ libavformat/asfdec.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/libavformat/asfdec.c b/libavformat/asfdec.c
+index 1c50ad6..d602af8 100644
+--- a/libavformat/asfdec.c
++++ b/libavformat/asfdec.c
+@@ -1485,7 +1485,7 @@ static int asf_read_packet(AVFormatContext *s, AVPacket *pkt)
+ asf->return_subpayload = 0;
+ return 0;
+ }
+- for (i = 0; i < s->nb_streams; i++) {
++ for (i = 0; i < asf->nb_streams; i++) {
+ ASFPacket *asf_pkt = &asf->asf_st[i]->pkt;
+ if (asf_pkt && !asf_pkt->size_left && asf_pkt->data_size) {
+ if (asf->asf_st[i]->span > 1 &&
+--
+2.9.3
+