Sophie: xine-lib-1.0-8.3.102mdk src

xine-lib-1.0-8.3.102mdk.src.rpm

Info
Deps
Files
Scripts
ChangeLog
Location
Others versions
Analyse

--- xine-lib-1.1.0/src/demuxers/demux_avi.c.cve-2006-1502	2006-06-14 04:48:24.173424078 -0600
+++ xine-lib-1.1.0/src/demuxers/demux_avi.c	2006-06-14 04:53:37.314007396 -0600
@@ -1043,7 +1043,12 @@ static avi_t *AVI_init(demux_avi_t *this
          lprintf("Invalid Header, bIndexSubType != 0\n");
       }
 
-      superindex->aIndex = malloc (superindex->wLongsPerEntry * superindex->nEntriesInUse * sizeof (uint32_t));
+      if (superindex->nEntriesInUse > n / sizeof (avisuperindex_entry)) {
+        lprintf("broken index !, dwSize=%d, entries=%d\n", n, superindex->nEntriesInUse);
+        i += 8 + n;
+        continue;
+      }
+      superindex->aIndex = malloc (superindex->nEntriesInUse * sizeof (avisuperindex_entry));
       /* position of ix## chunks */
       for (j = 0; j < superindex->nEntriesInUse; ++j) {
         superindex->aIndex[j].qwOffset = LE_64 (a);   a += 8;