[FFmpeg-cvslog] asfdec: check ff_get_guid() return values during seeking

Janne Grunau git at videolan.org
Wed Feb 12 16:15:26 CET 2014


ffmpeg | branch: master | Janne Grunau <janne-libav at jannau.net> | Tue Feb 11 15:13:31 2014 +0100| [0ebb523f072322972ea446616676fff32e9603c6] | committer: Janne Grunau

asfdec: check ff_get_guid() return values during seeking

Hitting EOF during seeking is quite likely. Fixes use of uninitialized
data during fate-seek-lavf-asf.

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=0ebb523f072322972ea446616676fff32e9603c6
---

 libavformat/asfdec.c |   26 ++++++++++++++++----------
 1 file changed, 16 insertions(+), 10 deletions(-)

diff --git a/libavformat/asfdec.c b/libavformat/asfdec.c
index 5b4366e..e754cb2 100644
--- a/libavformat/asfdec.c
+++ b/libavformat/asfdec.c
@@ -1387,33 +1387,35 @@ static int64_t asf_read_pts(AVFormatContext *s, int stream_index,
     return pts;
 }
 
-static void asf_build_simple_index(AVFormatContext *s, int stream_index)
+static int asf_build_simple_index(AVFormatContext *s, int stream_index)
 {
     ff_asf_guid g;
     ASFContext *asf     = s->priv_data;
     int64_t current_pos = avio_tell(s->pb);
-    int i;
+    int i, ret = 0;
 
     avio_seek(s->pb, asf->data_object_offset + asf->data_object_size, SEEK_SET);
-    ff_get_guid(s->pb, &g);
+    if ((ret = ff_get_guid(s->pb, &g)) < 0)
+        goto end;
 
     /* the data object can be followed by other top-level objects,
      * skip them until the simple index object is reached */
     while (ff_guidcmp(&g, &index_guid)) {
         int64_t gsize = avio_rl64(s->pb);
         if (gsize < 24 || s->pb->eof_reached) {
-            avio_seek(s->pb, current_pos, SEEK_SET);
-            return;
+            goto end;
         }
         avio_skip(s->pb, gsize - 24);
-        ff_get_guid(s->pb, &g);
+        if ((ret = ff_get_guid(s->pb, &g)) < 0)
+            goto end;
     }
 
     {
         int64_t itime, last_pos = -1;
         int pct, ict;
         int64_t av_unused gsize = avio_rl64(s->pb);
-        ff_get_guid(s->pb, &g);
+        if ((ret = ff_get_guid(s->pb, &g)) < 0)
+            goto end;
         itime = avio_rl64(s->pb);
         pct   = avio_rl32(s->pb);
         ict   = avio_rl32(s->pb);
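Review bot: The `avio_seek()` to `asf->data_object_offset + asf->data_object_size`, just above the first checked `ff_get_guid()`, still has its result ignored. A failed seek leaves the read position where it was, and the GUID loop then parses whatever bytes are there. Both operands are presumably taken from the file header, so on a crafted file the sum may also be a nonsensical or overflowing offset. Test the 64-bit result directly rather than through the `int ret`, e.g. `if (avio_seek(s->pb, asf->data_object_offset + asf->data_object_size, SEEK_SET) < 0) goto end;`. The restoring `avio_seek(s->pb, current_pos, SEEK_SET)` under the `end:` label in the next hunk is unchecked in the same way; the function body continues outside this hunk.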
@@ -1436,7 +1438,11 @@ static void asf_build_simple_index(AVFormatContext *s, int stream_index)
         }
         asf->index_read = ict > 0;
     }
+end:
+    if (s->pb->eof_reached)
+        ret = 0;
     avio_seek(s->pb, current_pos, SEEK_SET);
+    return ret;
 }
 
 static int asf_read_seek(AVFormatContext *s, int stream_index,
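Review bot: The `end:` path resets `ret` to 0 whenever `s->pb->eof_reached` is set, and nothing in the code says why an error is being discarded there. The commit message gives the reason, so it belongs next to the code: `/* running into EOF while looking for the index is expected, not an error */`. Since the return type changed from `void` to `int`, a short comment above the function should also state that it returns 0 or a negative error code and seeks back to the saved position before returning. The function starts outside this hunk.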
@@ -1445,7 +1451,7 @@ static int asf_read_seek(AVFormatContext *s, int stream_index,
     ASFContext *asf = s->priv_data;
     AVStream *st    = s->streams[stream_index];
     int64_t pos;
-    int index;
+    int index, ret = 0;
 
     if (s->packet_size <= 0)
         return -1;
@@ -1460,9 +1466,9 @@ static int asf_read_seek(AVFormatContext *s, int stream_index,
     }
 
     if (!asf->index_read)
-        asf_build_simple_index(s, stream_index);
+        ret = asf_build_simple_index(s, stream_index);
 
-    if ((asf->index_read && st->index_entries)) {
+    if (!ret && asf->index_read && st->index_entries) {
         index = av_index_search_timestamp(st, pts, flags);
         if (index >= 0) {
             /* find the position */
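Review bot: The new guard tests `!ret`, while `asf_build_simple_index()` treats only `< 0` from `ff_get_guid()` as failure and returns the last value it stored in `ret`. That is correct only if `ff_get_guid()` returns exactly 0 on success, which this diff does not show. If it ever returns a positive value, such as a byte count, the index lookup is silently skipped even though the index was read. Using the same test on both sides removes that dependency: `if (ret >= 0 && asf->index_read && st->index_entries) {`. A negative `ret` is also neither logged nor returned in the visible lines; `asf_read_seek()` starts and ends outside this hunk, so what follows the skipped branch cannot be checked here.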


