[vlc-commits] avformat: fix heap read overflow and invalid cast

2015-10-21 Thread Rémi Denis-Courmont
vlc/vlc-2.2 | branch: master | Rémi Denis-Courmont  | Fri Aug 
28 21:37:17 2015 +0300| [41503d6994ae0cd27a7564ba66e76a5d90adf332] | committer: 
Jean-Baptiste Kempf

avformat: fix heap read overflow and invalid cast

avformat needs nul padding after the probe data.

(cherry picked from commit 48a017006cc038c9783bccfc1d56f9ec2070fa54)
Signed-off-by: Jean-Baptiste Kempf 

> http://git.videolan.org/gitweb.cgi/vlc/vlc-2.2.git/?a=commit;h=41503d6994ae0cd27a7564ba66e76a5d90adf332
---

 modules/demux/avformat/demux.c |   33 -
 1 file changed, 24 insertions(+), 9 deletions(-)

diff --git a/modules/demux/avformat/demux.c b/modules/demux/avformat/demux.c
index df92ea8..2b33de7 100644
--- a/modules/demux/avformat/demux.c
+++ b/modules/demux/avformat/demux.c
@@ -163,8 +163,24 @@ int OpenDemux( vlc_object_t *p_this )
 int64_t   i_start_time = -1;
 bool  b_can_seek;
 char *psz_url;
+const uint8_t *peek;
 int   error;
 
+/* Init Probe data */
+pd.buf_size = stream_Peek( p_demux->s, , 2048 + 213 );
+if( pd.buf_size <= 0 )
+{
+msg_Warn( p_demux, "cannot peek" );
+return VLC_EGENERIC;
+}
+
+pd.buf = malloc( pd.buf_size + AVPROBE_PADDING_SIZE );
+if( unlikely(pd.buf == NULL) )
+return VLC_ENOMEM;
+
+memcpy( pd.buf, peek, pd.buf_size );
+memset( pd.buf + pd.buf_size, 0, AVPROBE_PADDING_SIZE );
+
 if( p_demux->psz_file )
 psz_url = strdup( p_demux->psz_file );
 else
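Review bot: The buffer from `malloc( pd.buf_size + AVPROBE_PADDING_SIZE )` is owned by OpenDemux from this point until the `free( pd.buf )` in the third hunk, and nothing on these lines records that or explains why the peeked data is copied. I would add a comment above the malloc such as `/* libavformat probers may read up to AVPROBE_PADDING_SIZE bytes past buf_size: probe a zero-padded copy of the peeked data, freed right after probing */`. That way an early return added later between the two points is less likely to leak the buffer. The lines between this hunk and the next are not shown, so it is worth confirming that the psz_url setup there cannot return before the free. The same hunk is posted again in the second message on this page, and the comment applies there as well.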
@@ -177,18 +193,13 @@ int OpenDemux( vlc_object_t *p_this )
 if( psz_url != NULL )
 msg_Dbg( p_demux, "trying url: %s", psz_url );
 
-/* Init Probe data */
 pd.filename = psz_url;
-if( ( pd.buf_size = stream_Peek( p_demux->s, (const uint8_t**), 
2048 + 213 ) ) <= 0 )
-{
-free( psz_url );
-msg_Warn( p_demux, "cannot peek" );
-return VLC_EGENERIC;
-}
+
 stream_Control( p_demux->s, STREAM_CAN_SEEK, _can_seek );
 
 vlc_init_avformat(p_this);
 
+/* Guess format */
 char *psz_format = var_InheritString( p_this, "avformat-format" );
 if( psz_format )
 {
@@ -197,8 +208,12 @@ int OpenDemux( vlc_object_t *p_this )
 free( psz_format );
 }
 
-/* Guess format */
-if( !fmt && !( fmt = av_probe_input_format( , 1 ) ) )
+if( fmt == NULL )
+fmt = av_probe_input_format( , 1 );
+
+free( pd.buf );
+
+if( fmt == NULL )
 {
 msg_Dbg( p_demux, "couldn't guess format" );
 free( psz_url );
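Review bot: After `free( pd.buf );` the `pd` structure keeps the stale pointer and the old `buf_size` while `pd.filename` is still live. Resetting both right after the free, `pd.buf = NULL; pd.buf_size = 0;`, would make any later use of `pd` fail safely rather than read freed heap. OpenDemux continues past this hunk, so whether `pd` is used again cannot be seen here. Separately, when `avformat-format` forces a format, the buffer from the first hunk is allocated, copied and freed without ever being probed; this is harmless but could be skipped. The identical hunk in the second message on this page carries the same point.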



[vlc-commits] avformat: fix heap read overflow and invalid cast

2015-08-28 Thread Rémi Denis-Courmont
vlc | branch: master | Rémi Denis-Courmont r...@remlab.net | Fri Aug 28 
21:37:17 2015 +0300| [48a017006cc038c9783bccfc1d56f9ec2070fa54] | committer: 
Rémi Denis-Courmont

avformat: fix heap read overflow and invalid cast

avformat needs nul padding after the probe data.

 http://git.videolan.org/gitweb.cgi/vlc.git/?a=commit;h=48a017006cc038c9783bccfc1d56f9ec2070fa54
---

 modules/demux/avformat/demux.c |   33 -
 1 file changed, 24 insertions(+), 9 deletions(-)

diff --git a/modules/demux/avformat/demux.c b/modules/demux/avformat/demux.c
index 5211aaa..5480af7 100644
--- a/modules/demux/avformat/demux.c
+++ b/modules/demux/avformat/demux.c
@@ -163,8 +163,24 @@ int OpenDemux( vlc_object_t *p_this )
 int64_t   i_start_time = -1;
 bool  b_can_seek;
 char *psz_url;
+const uint8_t *peek;
 int   error;
 
+/* Init Probe data */
+pd.buf_size = stream_Peek( p_demux-s, peek, 2048 + 213 );
+if( pd.buf_size = 0 )
+{
+msg_Warn( p_demux, cannot peek );
+return VLC_EGENERIC;
+}
+
+pd.buf = malloc( pd.buf_size + AVPROBE_PADDING_SIZE );
+if( unlikely(pd.buf == NULL) )
+return VLC_ENOMEM;
+
+memcpy( pd.buf, peek, pd.buf_size );
+memset( pd.buf + pd.buf_size, 0, AVPROBE_PADDING_SIZE );
+
 if( p_demux-psz_file )
 psz_url = strdup( p_demux-psz_file );
 else
@@ -177,18 +193,13 @@ int OpenDemux( vlc_object_t *p_this )
 if( psz_url != NULL )
 msg_Dbg( p_demux, trying url: %s, psz_url );
 
-/* Init Probe data */
 pd.filename = psz_url;
-if( ( pd.buf_size = stream_Peek( p_demux-s, (const uint8_t**)pd.buf, 
2048 + 213 ) ) = 0 )
-{
-free( psz_url );
-msg_Warn( p_demux, cannot peek );
-return VLC_EGENERIC;
-}
+
 stream_Control( p_demux-s, STREAM_CAN_SEEK, b_can_seek );
 
 vlc_init_avformat(p_this);
 
+/* Guess format */
 char *psz_format = var_InheritString( p_this, avformat-format );
 if( psz_format )
 {
@@ -197,8 +208,12 @@ int OpenDemux( vlc_object_t *p_this )
 free( psz_format );
 }
 
-/* Guess format */
-if( !fmt  !( fmt = av_probe_input_format( pd, 1 ) ) )
+if( fmt == NULL )
+fmt = av_probe_input_format( pd, 1 );
+
+free( pd.buf );
+
+if( fmt == NULL )
 {
 msg_Dbg( p_demux, couldn't guess format );
 free( psz_url );
