diff mbox

dxr3plugin fix to prevent segv for some corrupt streams

Message ID 4272C8ED.8000802@uklinux.net
State New
Headers

Commit Message

Jon Burgess April 29, 2005, 11:53 p.m. UTC 
  I tracked down a small problem in the dxr3pesframes code which was 
causing a segv to occur while trying to play some corrupted streams.

dxr3pesframe.c contains the following loop which is used to find the 
start of the first pes header:

   for (; pos + 9 < length && !IsPesHeader(pesArray.SubArray(pos, 4)); 
pos++);

With corrupted streams loop may reach the end of the buffer without 
finding a valid header and the subsequent code tries to decode the bogus 
header data often causing a segv. The patch detects this condition and 
causes the bad data to be dropped.

	Jon
diff mbox

Patch

--- dxr3/dxr3pesframe.c.~1.2.2.6.~	2005-04-29 23:58:25.000000000 +0100
+++ dxr3/dxr3pesframe.c	2005-04-30 00:00:03.000000000 +0100
@@ -44,6 +44,10 @@ 
 	if (length > 9)
 	{
 	    for (; pos + 9 < length && !IsPesHeader(pesArray.SubArray(pos, 4)); pos++);
+	    if (pos + 9 >= length) {
+                m_remainingLength = 0;
+                return m_bValid;
+            }
 	    m_pPesStart = pBuf + pos;
 
 	    if ((pesArray[pos + 6] & 0xC0) == 0x80