[libav-bugs] [Bug 372] New: matroskadec: segfault in matroska_parse_laces() with fixed-size lacing

bugzilla-daemon at aruru.libav.org bugzilla-daemon at aruru.libav.org
Thu Sep 20 19:57:55 CEST 2012


http://bugzilla.libav.org/show_bug.cgi?id=372

           Summary: matroskadec: segfault in matroska_parse_laces() with
                    fixed-size lacing
           Product: Libav
           Version: git HEAD
          Platform: X86
        OS/Version: Windows
            Status: NEW
          Severity: major
          Priority: High
         Component: libavformat
        AssignedTo: bugzilla at libav.org
        ReportedBy: tdskywalker at gmail.com


Sample:
https://dl.dropbox.com/u/37259775/libav/mkv_segfault/segmentation_fault.mka

avconv -i segmentation_fault.mka
avconv version v0.8-3163-ga27a690, Copyright (c) 2000-2012 the Libav developers
  built on Sep 20 2012 19:41:03 with llvm-gcc 4.2.1 (LLVM build 2336.11.00)
Segmentation fault: 11

The following diff hides the segfault:

diff --git a/libavformat/matroskadec.c b/libavformat/matroskadec.c
index 0a35a87..8f7d736 100644
--- a/libavformat/matroskadec.c
+++ b/libavformat/matroskadec.c
@@ -1804,7 +1804,7 @@ static int matroska_parse_laces(MatroskaDemuxContext
*matroska, uint8_t **buf,
     }

     case 0x2: /* fixed-size lacing */
-        if (size != (size / *laces) * size) {
+        if (size % *laces) {
             res = AVERROR_INVALIDDATA;
             break;
         }
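
Review bot: the new condition `size % *laces` in the `case 0x2` branch divides by `*laces`, and nothing in the visible lines shows that value being checked for zero before this point; confirm it is always at least 1 here, or reject a zero lace count before taking the modulo. The removed expression `(size / *laces) * size` multiplied the quotient by `size` rather than by `*laces`, so it was never a divisibility test. Since the report only says the diff "hides" the segfault, the commit message should state that this is the actual defect being fixed, and a one-line comment on the check (the frame data must split evenly across the laces) would help.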
