Heap corruption while parsing this AVI file

Added by Asdiel Echevarria over 5 years ago


I'm seeing a heap corruption and then a crash when parsing the attached file (readMetadata).

I tried to figure out the crash and it looks like this file has an INFO chunk that is bigger than 10000, which is the size of the buffer created in RiffVideo::infoTagsHandler(). Because it is bigger, it is writing outside the buffer when it reads from the stream.

I locally changed the size to 100000 and this allowed my app to parse all videos on my PC without crashing, but I doubt that that is the proper solution.

I would love to hear from you guys what you think the proper solution should be.

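A bounds-checked walker over a LIST/INFO body, added here as an example of the kind of check the post is asking about; it is not Exiv2's code, and the buffer size, the function names (parseInfoTags, appendChunk, parseGood, parseShortChunk) and the constructed sample chunks are assumptions. Rather than enlarging the buffer, it rejects any sub-chunk whose declared size exceeds the buffer or the bytes actually left in the input.

```cpp
#include <cstdint>
#include <cstring>
#include <string>
#include <vector>

static const size_t kInfoBufSize = 10000;  // the fixed scratch buffer the post describes

static uint32_t le32(const uint8_t* p) {  // RIFF sizes are little-endian
    return p[0] | (p[1] << 8) | (p[2] << 16) | ((uint32_t)p[3] << 24);
}

// Walk a LIST/INFO body: each sub-chunk is a FourCC, a LE size, then 'size'
// payload bytes padded to even length. Returns the tag count, or -1 when a
// declared size exceeds the scratch buffer or the bytes left in the input.
int parseInfoTags(const uint8_t* data, size_t len, std::vector<std::string>& tags) {
    uint8_t buf[kInfoBufSize];
    size_t pos = 0;
    while (pos + 8 <= len) {
        std::string id(reinterpret_cast<const char*>(data + pos), 4);
        uint32_t size = le32(data + pos + 4);
        pos += 8;
        if (size > kInfoBufSize || size > len - pos) return -1;  // refuse before copying
        std::memcpy(buf, data + pos, size);
        tags.push_back(id + "=" + std::string(reinterpret_cast<const char*>(buf), size));
        pos += size + (size & 1);  // skip the pad byte after an odd-sized payload
    }
    return static_cast<int>(tags.size());
}

// Constructed input: a sub-chunk whose header may claim more bytes than follow.
void appendChunk(std::vector<uint8_t>& out, const char* id, uint32_t declared,
                 const std::string& payload) {
    out.insert(out.end(), id, id + 4);
    for (int i = 0; i < 4; ++i) out.push_back((declared >> (8 * i)) & 0xff);
    out.insert(out.end(), payload.begin(), payload.end());
    if (payload.size() & 1) out.push_back(0);
}

// Two well-formed tags: parses to 2 entries.
int parseGood(std::vector<std::string>& tags) {
    std::vector<uint8_t> body;
    appendChunk(body, "ISFT", 6, "Lavf58");
    appendChunk(body, "INAM", 4, "demo");
    return parseInfoTags(body.data(), body.size(), tags);
}

// Header claims 'declared' bytes but only "x" follows: rejected with -1.
int parseShortChunk(uint32_t declared) {
    std::vector<uint8_t> body;
    std::vector<std::string> tags;
    appendChunk(body, "ICMT", declared, "x");
    return parseInfoTags(body.data(), body.size(), tags);
}
```

parseShortChunk(20000) trips the buffer-size check, while parseShortChunk(500) is caught only by the remaining-input check, which is why both comparisons are needed.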

Replies (1)

RE: Heap corruption while parsing this AVI file - Added by Robin Mills over 5 years ago

Thanks for reporting this and providing a test file. We have a project in the schedule for v0.27 to harden the video code #1068. I have to learn more about the video standards to take on the hardening project, so I'm not yet in a position to say what the most appropriate fix should be. If it's working OK for you, that's fine for now. However, I don't intend to make a permanent change to the code base without careful study.