[Ffmpeg-devel] [PATCH] different vorbis extradata handling
Michael Niedermayer
michaelni
Fri May 13 01:04:45 CEST 2005
Hi
On Friday 13 May 2005 00:40, Nico Sabbi wrote:
> Hi,
> following yesterday's discussion about the management of vorbis extradata
> I patched oggvorbis.c, matroska.c and oggparsevorbis.c to follow
> matroska's model.
> Note: there's a xiphlacing() function duplicated in ogg*.c as
> file-static, because
> I don't know where it should stay. If you tell me where I will update
> the patch.
in libavcodec, not sure where its best though, common.c maybe
[...]
> +static inline unsigned int xiphlacing(unsigned char *s, unsigned int v)
> +{
> + unsigned int n = 0;
> +
> + while(v >= 0xff)
> + {
> + *s++ = 0xff;
> + v -= 0xff;
> + n++;
> + }
> + *s = v;
> + n++;
> +
> + return n;
> +}
> +
> +static unsigned int fixup_vorbis_headers(AVFormatContext * as,
oggvorbis_private_t *priv, unsigned char **buf)
> +{
> + int i,offset;
> + unsigned char *ptr;
> +
> + ptr = *buf = (unsigned char*)av_mallocz(priv->len[0] + priv->len[1] +
priv->len[2] + 64);
> +
> + ptr[0] = 2;
> + offset = 1;
> + offset += xiphlacing(&ptr[offset], priv->len[0]);
> + offset += xiphlacing(&ptr[offset], priv->len[1]);
looks possibly exploitable if a packet is larger then 64*255= 16320
> st->codec.extradata_size = extradata_size;
> + av_log(matroska->ctx, AV_LOG_INFO, "EXTRA: %p, SIZE: %d\n",
extradata, extradata_size);
> } else if(track->codec_priv && track->codec_priv_size > 0){
hmm forgoten debug av_log() ?
[...]
--
Michael
More information about the ffmpeg-devel
mailing list