Crash on asf file

[mikulas@…]

I've seen this message and later crash in demux_asf_fill_buffer:

ASF file format detected.
FATAL: header size bigger than 64 kB (65661)!
Please contact MPlayer authors, and upload/send this file.
EXCEPTION: EXCEPTION READ PAGE FAULT AT 202484AC<demux_asf_fill_buffer+138>
(ADDRESS 00000000, ERROR VM FAULT).
MPlayer interrupted by signal 11 in module: demux_open

I've created patch for this problem. It

1. Fixes error handling so that it exits rather than crashes if error in asf

header is found.

2. Extends the header to 256kb --- with this change, the file plays fine.

The patch is available at
​http://urtax.ms.mff.cuni.cz/~mikulas/mplayer-patchset/crash-asf-header.diff

(there are other patches for crashes and bugs in mplayer-1.0pre7 at
​http://urtax.ms.mff.cuni.cz/~mikulas/mplayer-patchset/ --- you can apply them if
you want).

[reimar]

Please retry with CVS and/or provide a sample. None of the code you changed
exists in that form in CVS anymore.

[mikulas@…]

Hi

I tried CVS version. It doesn't crash (the limit is lifted to 1M), but return
value from read_asf_header is not checked --- i.e. if read_asf_header fails for
other reasons (you can just write return 0 on the beginning to test failures),
you still get a crash. This patch is fixes it --- with it, mplayer will properly
write error message and terminate on corrupted asf files.

[mikulas@…]

fix asf header error handling

[mikulas@…]

If asf header contains error (you can test it so that you add return 0 to the
beginning of read_asf_header), mplayer will crash. This patch fixes it to exit
properly.

[reimar]

Thanks, applied. Though I doubt anything short of a rewrite can really fix the
asf demuxer.