~stefanlsd/mplayer/hardy

« back to all changes in this revision

Viewing changes to libmpdemux/demux_real.c

Committer: Stefan Lesicnik
Date: 2008-10-27 12:53:32 UTC
Revision ID: stefan@lsd.co.za-20081027125332-0uzzff9tor3ms5mf

Fix for CVE-2008-3827

files modified:
debian/changelog

libmpdemux/demux_real.c

Show diffs side-by-side

added added

removed removed

libmpdemux/demux_real.c

958

// last fragment!

959

if(dp_hdr->len!=vpkg_length-vpkg_offset)

960

mp_msg(MSGT_DEMUX,MSGL_V,"warning! assembled.len=%d frag.len=%d total.len=%d \n",dp->len,vpkg_offset,vpkg_length-vpkg_offset);

961

if (vpkg_offset > dp->len - sizeof(dp_hdr_t) - dp_hdr->len) vpkg_offset = dp->len - sizeof(dp_hdr_t) - dp_hdr->len;

961

962

stream_read(demuxer->stream, dp_data+dp_hdr->len, vpkg_offset);

962

963

if((dp_data[dp_hdr->len]&0x20) && (sh_video->format==0x30335652)) --dp_hdr->chunks; else

963

964

dp_hdr->len+=vpkg_offset;

981

982

// non-last fragment:

982

983

if(dp_hdr->len!=vpkg_offset)

983

984

mp_msg(MSGT_DEMUX,MSGL_V,"warning! assembled.len=%d offset=%d frag.len=%d total.len=%d \n",dp->len,vpkg_offset,len,vpkg_length);

985

if (len > dp->len - sizeof(dp_hdr_t) - dp_hdr->len) len = dp->len - sizeof(dp_hdr_t) - dp_hdr->len;

984

986

stream_read(demuxer->stream, dp_data+dp_hdr->len, len);

985

987

if((dp_data[dp_hdr->len]&0x20) && (sh_video->format==0x30335652)) --dp_hdr->chunks; else

986

988

dp_hdr->len+=len;

1003

1005

extra[0]=1; extra[1]=0; // offset of the first chunk

1004

1006

if(0x00==(vpkg_header&0xc0)){

1005

1007

// first fragment:

1008

if (len > dp->len - sizeof(dp_hdr_t)) len = dp->len - sizeof(dp_hdr_t);

1006

1009

dp_hdr->len=len;

1007

1010

stream_read(demuxer->stream, dp_data, len);

1008

1011

ds->asf_packet=dp;

Older »