Opened 13 years ago

Closed 13 years ago

Last modified 13 years ago

#450 closed defect (fixed)

Crash on asf file

Reported by: mikulas@… Owned by: moritz@…
Priority: normal Component: demuxer
Version: 1.0pre7 Severity: normal
Keywords: Cc:
Blocked By: Blocking:
Reproduced by developer: Analyzed by developer:

Description

I've seen this message and later crash in demux_asf_fill_buffer:

ASF file format detected.
FATAL: header size bigger than 64 kB (65661)!
Please contact MPlayer authors, and upload/send this file.
EXCEPTION: EXCEPTION READ PAGE FAULT AT 202484AC<demux_asf_fill_buffer+138>
(ADDRESS 00000000, ERROR VM FAULT).
MPlayer interrupted by signal 11 in module: demux_open

I've created patch for this problem. It

  1. Fixes error handling so that it exits rather than crashes if error in asf

header is found.

  1. Extends the header to 256kb --- with this change, the file plays fine.

The patch is available at
http://urtax.ms.mff.cuni.cz/~mikulas/mplayer-patchset/crash-asf-header.diff

(there are other patches for crashes and bugs in mplayer-1.0pre7 at
http://urtax.ms.mff.cuni.cz/~mikulas/mplayer-patchset/ --- you can apply them if
you want).

Attachments (1)

read_asf_header_patch.diff (381 bytes) - added by mikulas@… 13 years ago.
fix asf header error handling

Download all attachments as: .zip

Change History (5)

comment:1 Changed 13 years ago by reimar

Please retry with CVS and/or provide a sample. None of the code you changed
exists in that form in CVS anymore.

comment:2 Changed 13 years ago by mikulas@…

Hi

I tried CVS version. It doesn't crash (the limit is lifted to 1M), but return
value from read_asf_header is not checked --- i.e. if read_asf_header fails for
other reasons (you can just write return 0 on the beginning to test failures),
you still get a crash. This patch is fixes it --- with it, mplayer will properly
write error message and terminate on corrupted asf files.

Changed 13 years ago by mikulas@…

fix asf header error handling

comment:3 Changed 13 years ago by mikulas@…

If asf header contains error (you can test it so that you add return 0 to the
beginning of read_asf_header), mplayer will crash. This patch fixes it to exit
properly.

comment:4 Changed 13 years ago by reimar

  • Resolution set to fixed
  • Status changed from new to closed

Thanks, applied. Though I doubt anything short of a rewrite can really fix the
asf demuxer.

Note: See TracTickets for help on using tickets.