From 58834653c01d95196d4efa012e49fd6a1c270851 Mon Sep 17 00:00:00 2001
From: reimar
Date: Sun, 12 Jun 2011 09:57:07 +0000
Subject: [PATCH] dvdnav: make mp_dvdnav_save_smpi() more robust Make mp_dvdnav_save_smpi more robust and ensure consistency of nav buffer. It seems that in_size could be negative sometimes, this would cause crashes if the malloc somehow succeeded.
git-svn-id: svn://svn.mplayerhq.hu/mplayer/trunk@33599 b3059339-0415-0410-9bf9-f77b7e298cf2
---
 mplayer.c | 14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)
diff --git a/mplayer.c b/mplayer.c
index 44b6789603..80e7a8d20e 100644
--- a/mplayer.c
+++ b/mplayer.c
@@ -2272,7 +2272,7 @@ static mp_image_t *mp_dvdnav_restore_smpi(struct MPContext *mpctx,
 if (mpctx->stream->type != STREAMTYPE_DVDNAV) return decoded_frame;
- /// a change occured in dvdnav stream
+ /// a change occurred in dvdnav stream
 if (mp_dvdnav_cell_has_changed(mpctx->stream,0)) {
 mp_dvdnav_read_wait(mpctx->stream, 1, 1);
 mp_dvdnav_context_free(mpctx);
@@ -2317,12 +2317,16 @@ static void mp_dvdnav_save_smpi(struct MPContext *mpctx, int in_size,
 return;
 free(mpctx->nav_buffer);
+ mpctx->nav_buffer = NULL;
+ mpctx->nav_start = NULL;
+ mpctx->nav_in_size = -1;
- mpctx->nav_buffer = malloc(in_size);
- mpctx->nav_start = start;
- mpctx->nav_in_size = mpctx->nav_buffer ? in_size : -1;
- if (mpctx->nav_buffer)
+ if (in_size > 0)
+ mpctx->nav_buffer = malloc(in_size);
+ if (mpctx->nav_buffer) {
+ mpctx->nav_start = start;
 memcpy(mpctx->nav_buffer,start,in_size);
+ }
 if (decoded_frame && mpctx->nav_smpi != decoded_frame) mpctx->nav_smpi = mp_dvdnav_copy_mpi(mpctx->nav_smpi,decoded_frame);
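Review bot: In the second hunk (mp_dvdnav_save_smpi), `mpctx->nav_in_size` is reset to -1 and never set back to `in_size` on the success path in the visible lines; the removed `mpctx->nav_in_size = mpctx->nav_buffer ? in_size : -1;` has no counterpart inside the new `if (mpctx->nav_buffer) {` block. Unless it is assigned outside the hunk, a valid `nav_buffer` ends up paired with a recorded size of -1, which defeats the consistency this commit aims for and could mislead any later code that uses the saved length. I would add `mpctx->nav_in_size = in_size;` next to `mpctx->nav_start = start;`. The function body starts before the hunk and may continue past it.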