diff options
author | John Stebbins <jstebbins.hb@gmail.com> | 2017-02-15 10:29:39 -0700 |
---|---|---|
committer | John Stebbins <jstebbins.hb@gmail.com> | 2017-02-15 10:34:09 -0700 |
commit | 05f743e784fe69e2950d32e8ac177c34a2f3e5c8 (patch) | |
tree | 51c269152a75336586d8d155792a90c696515614 | |
parent | e3181b6e131fa52b96b076ea7c752b509028e9d6 (diff) |
libav: fix crash when scanning wmv file
Fixes crash reported here
https://forum.handbrake.fr/viewtopic.php?f=11&t=35690
Does not fix scan problem, but follow-up commit will.
Also possibly related
https://github.com/HandBrake/HandBrake/issues/466
https://github.com/HandBrake/HandBrake/issues/495
-rw-r--r-- | contrib/ffmpeg/A07-wmv-crash.patch | 31 |
1 files changed, 31 insertions, 0 deletions
diff --git a/contrib/ffmpeg/A07-wmv-crash.patch b/contrib/ffmpeg/A07-wmv-crash.patch new file mode 100644 index 000000000..ca124a14c --- /dev/null +++ b/contrib/ffmpeg/A07-wmv-crash.patch @@ -0,0 +1,31 @@ +From 8e67039c6312ba520945f2c01b7b14df056d5ed1 Mon Sep 17 00:00:00 2001 +From: John Stebbins <stebbins@jetheaddev.com> +Date: Thu, 12 Jan 2017 13:36:26 -0700 +Subject: [PATCH] asfdec: Use the ASF stream count when iterating + +The AVFormat stream count can be larger due external factors, such as +an id3 tag appended. + +Avoid an out of bound read. + +Signed-off-by: Luca Barbato <lu_zero@gentoo.org> +--- + libavformat/asfdec.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/libavformat/asfdec.c b/libavformat/asfdec.c +index 1c50ad6..d602af8 100644 +--- a/libavformat/asfdec.c ++++ b/libavformat/asfdec.c +@@ -1485,7 +1485,7 @@ static int asf_read_packet(AVFormatContext *s, AVPacket *pkt) + asf->return_subpayload = 0; + return 0; + } +- for (i = 0; i < s->nb_streams; i++) { ++ for (i = 0; i < asf->nb_streams; i++) { + ASFPacket *asf_pkt = &asf->asf_st[i]->pkt; + if (asf_pkt && !asf_pkt->size_left && asf_pkt->data_size) { + if (asf->asf_st[i]->span > 1 && +-- +2.9.3 + |