On Wed, 25 May 2011 18:00:03 -0700, Alex Converse <[email protected]> 
wrote:
> ---
>  libavformat/id3v2.c |    7 ++++++-
>  1 files changed, 6 insertions(+), 1 deletions(-)
> 
> diff --git a/libavformat/id3v2.c b/libavformat/id3v2.c
> index 948261a..06ae6f8 100644
> --- a/libavformat/id3v2.c
> +++ b/libavformat/id3v2.c
> @@ -237,7 +237,7 @@ static void ff_id3v2_parse(AVFormatContext *s, int len, 
> uint8_t version, uint8_t
>              tag[3] = 0;
>              tlen = avio_rb24(s->pb);
>          }
> -        if (tlen < 0 || tlen > len - taghdrlen) {
> +        if (tlen <= 0 || tlen > len - taghdrlen) {

This doesn't look related to what the patch is supposed to do.

>              av_log(s, AV_LOG_WARNING, "Invalid size in frame %s, skipping 
> the rest of tag.\n", tag);
>              break;
>          }
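Review bot: With `tlen <= 0` a zero-length frame now takes the `break` path, so it is reported as "Invalid size" and every frame after it in the tag is dropped. If an empty frame or zero padding can reach this check, that changes behaviour for ordinary files as well as malformed ones; the code that reads `tag` and handles padding is outside the hunk, so this needs confirming. Keeping `tlen < 0` here and handling `tlen == 0` separately, by skipping only that frame, would still keep a zero-size request away from the allocation without discarding the rest of the tag.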
> @@ -256,6 +256,10 @@ static void ff_id3v2_parse(AVFormatContext *s, int len, 
> uint8_t version, uint8_t
>              if (unsync || tunsync) {
>                  int i, j;
>                  av_fast_malloc(&buffer, &buffer_size, tlen);
> +                if (!buffer) {
> +                    av_log(s, AV_LOG_ERROR, "Failed to alloc %d bytes\n", 
> tlen);
> +                    goto seek;
> +                }
>                  for (i = 0, j = 0; i < tlen; i++, j++) {
>                      buffer[j] = avio_r8(s->pb);
>                      if (j > 0 && !buffer[j] && buffer[j - 1] == 0xff) {
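Review bot: The new failure branch resumes the frame loop through `goto seek`, so a tag with many large unsynchronised frames makes the parser retry the allocation and log an error once per frame. `tlen` is read from the file and is bounded only by `len - taghdrlen`. The invalid-size case earlier in the function already gives up on the tag with `break`; doing the same here would bound the work per tag, assuming the code after the loop (not visible in this hunk) repositions the stream. If skipping a single frame is intended, a short comment such as `/* OOM on a file-supplied size: skip this frame, keep parsing */` would record that choice.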
> @@ -276,6 +280,7 @@ static void ff_id3v2_parse(AVFormatContext *s, int len, 
> uint8_t version, uint8_t
>              break;
>          }
>          /* Skip to end of tag */
> +seek:
>          avio_seek(s->pb, next, SEEK_SET);
>      }
>  
> -- 
> 1.7.3.1
> 

Ok.

--
Anton Khirnov