[mythtv-commits] Re: Ticket #961: mythcommflag crash in mpeg2 decoding
MythTV
mythtv at cvs.mythtv.org
Sat Jan 7 20:30:09 UTC 2006
#961: mythcommflag crash in mpeg2 decoding
----------------------------------------+-----------------------------------
Reporter: jwestfall at surrealistic.net | Owner: ijr
Type: defect | Status: new
Priority: minor | Milestone:
Component: mythtv | Version: head
Severity: low | Resolution:
----------------------------------------+-----------------------------------
Comment (by jwestfall at surrealistic.net):
Hi
I believe the following code in find_start_code() is the culprit.
{{{
static int find_start_code(const uint8_t **pbuf_ptr, const uint8_t *buf_end)
{
    const uint8_t *buf_ptr= *pbuf_ptr;
    buf_ptr++; //guarantees that -1 is within the array
    buf_end -= 2; // guarantees that +2 is within the array
    while (buf_ptr < buf_end) {
        if(*buf_ptr==0){
            while(buf_ptr < buf_end && buf_ptr[1]==0)
                buf_ptr++;
            if(buf_ptr[-1] == 0 && buf_ptr[1] == 1){
                *pbuf_ptr = buf_ptr+3;
                return buf_ptr[2] + 0x100;
            }
        }
        buf_ptr += 2;
    }
}}}
If the inner while loop fails because buf_ptr == buf_end, and the
following if statement is true, the code will set *pbuf_ptr = buf_ptr+3
which is 1 byte past the real end of the buffer (buf_end+2).
Attaching a patch that fixes the issue for me.
--
Ticket URL: <http://cvs.mythtv.org/trac/ticket/961>
MythTV <http://www.mythtv.org/>
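
Added example, not part of the ticket and not the attached patch: the quoted loop run over a constructed buffer that ends in a bare 00 00 01 prefix, next to a variant with one extra bounds check. The `bounded` flag, the `run` helper, the sample bytes and the tail after the loop (which the ticket does not show) are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed input: logical length 4, ending in a bare 00 00 01 prefix.
 * The backing array is larger so the over-read stays inside this object. */
static const uint8_t truncated[8] = {0xAA, 0x00, 0x00, 0x01, 0xB3, 0, 0, 0};
/* Constructed input: a complete start code 00 00 01 B3 followed by payload. */
static const uint8_t complete[8] = {0x00, 0x00, 0x01, 0xB3, 0x11, 0x22, 0x33, 0x44};

/* Loop body as quoted in the ticket. bounded=1 adds the extra check (an
 * assumed fix, not the attached patch). The tail after the loop is not
 * shown in the ticket; returning -1 with the cursor at the end is assumed. */
static int scan(const uint8_t **pbuf_ptr, const uint8_t *buf_end, int bounded)
{
    const uint8_t *buf_ptr = *pbuf_ptr;
    buf_ptr++;     /* guarantees that -1 is within the array */
    buf_end -= 2;  /* intended to guarantee that +2 is within the array */
    while (buf_ptr < buf_end) {
        if (*buf_ptr == 0) {
            while (buf_ptr < buf_end && buf_ptr[1] == 0)
                buf_ptr++;
            /* Inner loop may stop at buf_ptr == buf_end; then [2] and +3 are out of range. */
            if ((!bounded || buf_ptr < buf_end) &&
                buf_ptr[-1] == 0 && buf_ptr[1] == 1) {
                *pbuf_ptr = buf_ptr + 3;
                return buf_ptr[2] + 0x100;
            }
        }
        buf_ptr += 2;
    }
    *pbuf_ptr = buf_end + 2;
    return -1;
}

/* Runs the scanner over data[0..len) and returns the cursor offset from data. */
static long run(const uint8_t *data, long len, int bounded, int *code)
{
    const uint8_t *p = data;
    *code = scan(&p, data + len, bounded);
    return (long)(p - data);
}

int main(void)
{
    int code;
    long off = run(truncated, 4, 0, &code);
    printf("quoted : cursor=%ld of 4, code=%#x\n", off, (unsigned)code);
    off = run(truncated, 4, 1, &code);
    printf("bounded: cursor=%ld of 4, code=%d\n", off, code);
    return 0;
}
```
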