diff options
| author | Matthias Hopf <mat@mshopf.de> | 2006-05-22 16:43:56 +0000 |
|---|---|---|
| committer | Matthias Hopf <mat@mshopf.de> | 2006-05-22 16:43:56 +0000 |
| commit | 2bb7dbae2dc7e959d2ac5d416431bfed7201c51a (patch) | |
| tree | 4ac6e3172d7e432c609e82794ab70d1ac7a96fa1 /src | |
| parent | 1c6de64b5d67906e1e45174e8104e6a0c818138f (diff) | |
| download | xine-lib-2bb7dbae2dc7e959d2ac5d416431bfed7201c51a.tar.gz xine-lib-2bb7dbae2dc7e959d2ac5d416431bfed7201c51a.tar.bz2 | |
Security fix for http://www.xfocus.org/advisories/200603/11.html,
as far as xine is affected.
CVS patchset: 7992
CVS date: 2006/05/22 16:43:56
Diffstat (limited to 'src')
| -rw-r--r-- | src/demuxers/demux_avi.c | 11 |
1 files changed, 9 insertions, 2 deletions
diff --git a/src/demuxers/demux_avi.c b/src/demuxers/demux_avi.c index 26897fa58..581573a13 100644 --- a/src/demuxers/demux_avi.c +++ b/src/demuxers/demux_avi.c @@ -19,7 +19,7 @@ */ /* - * $Id: demux_avi.c,v 1.224 2006/05/03 19:46:06 dsalt Exp $ + * $Id: demux_avi.c,v 1.225 2006/05/22 16:43:56 mshopf Exp $ * * demultiplexer for avi streams * @@ -1029,7 +1029,14 @@ static avi_t *AVI_init(demux_avi_t *this) { lprintf("Invalid Header, bIndexSubType != 0\n"); } - superindex->aIndex = malloc (superindex->wLongsPerEntry * superindex->nEntriesInUse * sizeof (uint32_t)); + if (superindex->nEntriesInUse > n / sizeof (avisuperindex_entry)) + { + lprintf("broken index !, dwSize=%d, entries=%d\n", n, superindex->nEntriesInUse); + i += 8 + n; + continue; + } + + superindex->aIndex = malloc (superindex->nEntriesInUse * sizeof (avisuperindex_entry)); /* position of ix## chunks */ for (j = 0; j < superindex->nEntriesInUse; ++j) { superindex->aIndex[j].qwOffset = LE_64 (a); a += 8; |