]> CyberLeo.Net >> Repos - CDN/portage-cdn.git/blob - media-video/mplayer/files/mplayer-1.0_rc2_p28058-demux_vqf.patch
projects / CDN / portage-cdn.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
media-video/mplayer: add ASS patch
[CDN/portage-cdn.git] / media-video / mplayer / files / mplayer-1.0_rc2_p28058-demux_vqf.patch
1 --- mplayer-1.0_rc2_p28058.orig/libmpdemux/demux_vqf.c      2007/10/07 16:27:03     24723
2 +++ mplayer-1.0_rc2_p28058/libmpdemux/demux_vqf.c      2008/12/14 15:18:41     28150
3 @@ -50,11 +50,14 @@
4      unsigned chunk_size;
5      hi->size=chunk_size=stream_read_dword(s); /* include itself */
6      stream_read(s,chunk_id,4);
7 +    if (chunk_size < 8) return NULL;
8 +    chunk_size -= 8;
9      if(*((uint32_t *)&chunk_id[0])==mmioFOURCC('C','O','M','M'))
10      {
11 -    char buf[chunk_size-8];
12 +    char buf[BUFSIZ];
13      unsigned i,subchunk_size;
14 -    if(stream_read(s,buf,chunk_size-8)!=chunk_size-8) return NULL;
15 +    if (chunk_size > sizeof(buf) || chunk_size < 20) return NULL;
16 +    if(stream_read(s,buf,chunk_size)!=chunk_size) return NULL;
17      i=0;
18      subchunk_size=be2me_32(*((uint32_t *)&buf[0]));
19      hi->channelMode=be2me_32(*((uint32_t *)&buf[4]));
20 @@ -83,13 +86,15 @@
21      sh_audio->samplesize = 4;
22      w->wBitsPerSample = 8*sh_audio->samplesize;
23      w->cbSize = 0;
24 +    if (subchunk_size > chunk_size - 4) continue;
25      i+=subchunk_size+4;
26 -    while(i<chunk_size-8)
27 +    while(i + 8 < chunk_size)
28      {
29          unsigned slen,sid;
30 -        char sdata[chunk_size];
31 +        char sdata[BUFSIZ];
32          sid=*((uint32_t *)&buf[i]); i+=4;
33          slen=be2me_32(*((uint32_t *)&buf[i])); i+=4;
34 +        if (slen > sizeof(sdata) - 1 || slen > chunk_size - i) break;
35          if(sid==mmioFOURCC('D','S','I','Z'))
36          {
37          hi->Dsiz=be2me_32(*((uint32_t *)&buf[i]));
38 @@ -141,7 +146,7 @@
39      if(*((uint32_t *)&chunk_id[0])==mmioFOURCC('D','A','T','A'))
40      {
41      demuxer->movi_start=stream_tell(s);
42 -    demuxer->movi_end=demuxer->movi_start+chunk_size-8;
43 +    demuxer->movi_end=demuxer->movi_start+chunk_size;
44      mp_msg(MSGT_DEMUX, MSGL_V, "Found data at %"PRIX64" size %"PRIu64"\n",demuxer->movi_start,demuxer->movi_end);
45      /* Done! play it */
46      break;
47 @@ -149,7 +154,7 @@
48      else
49      {
50      mp_msg(MSGT_DEMUX, MSGL_V, "Unhandled chunk '%c%c%c%c' %u bytes\n",((char *)&chunk_id)[0],((char *)&chunk_id)[1],((char *)&chunk_id)[2],((char *)&chunk_id)[3],chunk_size);
51 -    stream_skip(s,chunk_size-8); /*unknown chunk type */
52 +    stream_skip(s,chunk_size); /*unknown chunk type */
53      }
54    }
55  
CDN Internal Portage Overlay