From 2c4a8ba43fb2cbbda7f4393176b354749bb8f35d Mon Sep 17 00:00:00 2001 From: divverent Date: Tue, 16 Oct 2007 22:10:26 +0000 Subject: [PATCH] oops... buffer overflow after a 640GB video file... fixed :P git-svn-id: svn://svn.icculus.org/twilight/trunk/darkplaces@7637 d7cf8633-e32d-0410-b094-e92efae38249 --- cl_screen.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/cl_screen.c b/cl_screen.c index 196b5861..5da743c7 100644 --- a/cl_screen.c +++ b/cl_screen.c @@ -957,6 +957,9 @@ static void SCR_CaptureVideo_RIFF_MakeIxChunk(const char *fcc, const char *dwChu fs_offset_t ix = SCR_CaptureVideo_RIFF_GetPosition(); fs_offset_t pos; + if(*masteridx_count >= AVI_MASTER_INDEX_SIZE) + return; + nMatching = 0; // go through index and enumerate them for(i = 0; i < cls.capturevideo.riffindexbuffer.cursize; i += 16) if(!memcmp(cls.capturevideo.riffindexbuffer.data + i, dwChunkId, 4)) @@ -968,7 +971,7 @@ static void SCR_CaptureVideo_RIFF_MakeIxChunk(const char *fcc, const char *dwChu SCR_CaptureVideo_RIFF_Write32(nMatching); // nEntriesInUse SCR_CaptureVideo_RIFF_WriteFourCC(dwChunkId); // dwChunkId SCR_CaptureVideo_RIFF_Write32(cls.capturevideo.videofile_ix_movistart & (fs_offset_t) 0xFFFFFFFFu); - SCR_CaptureVideo_RIFF_Write32((cls.capturevideo.videofile_ix_movistart >> 16) >> 16); + SCR_CaptureVideo_RIFF_Write32(((long long) cls.capturevideo.videofile_ix_movistart) >> 32); SCR_CaptureVideo_RIFF_Write32(0); // dwReserved for(i = 0; i < cls.capturevideo.riffindexbuffer.cursize; i += 16) 
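Review bot: The added `if(*masteridx_count >= AVI_MASTER_INDEX_SIZE) return;` drops the index chunk silently, so once the master index is full the capture keeps growing while later segments are no longer indexed, and neither the user nor the caller is told. The check sits before anything is written and bounds the slot later used by `FS_Seek(..., masteridx_start + 16 * *masteridx_count, SEEK_SET)`; that the table is reserved for AVI_MASTER_INDEX_SIZE 16-byte entries is an assumption, since the reservation is not in this hunk. I would document the limit at the guard, e.g. `// master index full: another 16-byte entry would land past the reserved table`, and report the condition once (or stop the capture) instead of returning quietly. If the counter is a signed type, which the truncated signature does not show, a `< 0` test belongs in the same condition. The function body starts and ends outside the hunk.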
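Review bot: The new high-dword write `((long long) cls.capturevideo.videofile_ix_movistart) >> 32` right-shifts a signed value, so a negative offset would give an implementation-defined result, and the 64-bit value is narrowed only implicitly when it is passed to `SCR_CaptureVideo_RIFF_Write32`. Converting to an unsigned type and masking makes both steps explicit: `SCR_CaptureVideo_RIFF_Write32((((unsigned long long) cls.capturevideo.videofile_ix_movistart) >> 32) & 0xFFFFFFFFu);`. The same applies to the `((long long) ix) >> 32` line in the next hunk (new line 994 onward), which could be written the same way. A short comment such as `// high 32 bits of the 64-bit file offset` on both lines would record the intent of the widening cast.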
@@ -991,7 +994,7 @@ static void SCR_CaptureVideo_RIFF_MakeIxChunk(const char *fcc, const char *dwChu FS_Seek(cls.capturevideo.videofile, masteridx_start + 16 * *masteridx_count, SEEK_SET); SCR_CaptureVideo_RIFF_Write32(ix & (fs_offset_t) 0xFFFFFFFFu); - SCR_CaptureVideo_RIFF_Write32((ix >> 16) >> 16); + SCR_CaptureVideo_RIFF_Write32(((long long) ix) >> 32); SCR_CaptureVideo_RIFF_Write32(pos - ix); SCR_CaptureVideo_RIFF_Write32(nMatching); SCR_CaptureVideo_RIFF_Flush(); -- 2.39.2