[Ffmpeg-devel] [PATCH] mov.c clean and enhancements

Michael Niedermayer michaelni
Sat Feb 18 10:48:43 CET 2006


Hi

On Sat, Feb 18, 2006 at 12:31:01AM +0100, Baptiste COUDURIER wrote:
> Hi,
> 
> 4 patches:
> 
> mov_stsd_audio_clean.patch:
> 
> Cleans reading stsd audio, and makes it more generic.
> 
> I realize that is a lot of code removal, but I guess it is better to now
> start fixing from a cleaner base, if some specific samples need special
> handling. I tested it against PCM, ALAC, AMR, QDM2, AAC.
> 
> If someone has time to do extensive tests it would be great.
> 
> mov_read_ftyp.patch:

applied


> 
> which adds mov_read_ftyp to check iso media file type and set c->mp4.
> 
> mov_read_hdlr_simplify.patch:

applied


> 
> which simplifies mov_read_hdlr :)
> 
> mov_in32_codec_support.patch:

applied


[...]
> +static int mov_read_alac(MOVContext *c, ByteIOContext *pb, MOV_atom_t atom)
> +{
> +    AVStream *st = c->fc->streams[c->fc->nb_streams-1];
> +
> +    // currently ALAC decoder expect full atom header - so let's fake it
> +    // this should be fixed and just ALAC header should be passed
> +
> +    av_free(st->codec->extradata);
> +    st->codec->extradata_size = atom.size + 8;
> +    st->codec->extradata = (uint8_t*) av_mallocz(st->codec->extradata_size + FF_INPUT_BUFFER_PADDING_SIZE);
> +
> +    if (st->codec->extradata) {
> +        strcpy(st->codec->extradata + 4, "alac"); // fake
> +        get_buffer(pb, st->codec->extradata + 8, atom.size);
> +        dprintf("Reading alac %Ld  %s\n", atom.size, (char*)st->codec->extradata);
> +    } else
> +        url_fskip(pb, atom.size);
> +    return 0;
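
Review bot: in mov_read_alac, st->codec->extradata_size is assigned atom.size + 8 before the av_mallocz result is checked, so the else path leaves the stream with extradata == NULL and a nonzero extradata_size. atom.size is also never bounded before it feeds both the allocation size and the get_buffer length. Suggest rejecting atom.size values that are negative or large enough for atom.size + 8 + FF_INPUT_BUFFER_PADDING_SIZE to wrap, setting extradata_size only after the allocation succeeds, and writing the tag with a 4-byte memcpy instead of strcpy so exactly the four tag bytes are written.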

is there anything which prevents atom.size + 8 + FF_INPUT_BUFFER_PADDING_SIZE
from overflowing? if no then extradata will be too small and you have a heap
overflow


[...]

-- 
Michael
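
The size check asked about in this reply, as an added example (not part of the original mail and not FFmpeg's code). `build_alac_extradata`, `unchecked_size`, `HDR` and the `PADDING` value are hypothetical stand-ins; plain libc calls replace av_mallocz and get_buffer.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define PADDING 8   /* stand-in for FF_INPUT_BUFFER_PADDING_SIZE (assumed value) */
#define HDR     8   /* faked atom header: 4 size bytes + "alac" tag */

/* Hypothetical helper: build the faked-header extradata from an atom payload.
 * Returns 0 on success, -1 if the size is unsafe or allocation fails.
 * *out and *out_size are written only on success. */
static int build_alac_extradata(const uint8_t *payload, int64_t atom_size,
                                uint8_t **out, int *out_size)
{
    /* Reject negative sizes and any size for which
     * atom_size + HDR + PADDING does not fit the int size field. */
    if (atom_size < 0 || atom_size > (int64_t)INT_MAX - HDR - PADDING)
        return -1;

    size_t total = (size_t)atom_size + HDR;
    uint8_t *buf = calloc(1, total + PADDING);   /* zeroed, like av_mallocz */
    if (!buf)
        return -1;

    memcpy(buf + 4, "alac", 4);                  /* tag only, no trailing NUL */
    memcpy(buf + HDR, payload, (size_t)atom_size);

    *out = buf;
    *out_size = (int)total;                      /* set only after success */
    return 0;
}

/* What the unchecked sum becomes once narrowed to a 32-bit size field
 * (wrap done in unsigned arithmetic so the result is well defined). */
static int unchecked_size(int64_t atom_size)
{
    return (int)(uint32_t)((uint64_t)atom_size + HDR);
}

int main(void)
{
    const uint8_t payload[4] = {1, 2, 3, 4};     /* constructed sample payload */
    uint8_t *ed = NULL;
    int sz = 0;
    printf("ok=%d size=%d\n", build_alac_extradata(payload, 4, &ed, &sz), sz);
    printf("wrapped size for 0xFFFFFFFC: %d\n", unchecked_size(0xFFFFFFFCLL));
    free(ed);
    return 0;
}
```

With a declared atom size of 0xFFFFFFFC the unchecked sum wraps to 4, so the buffer would be a few bytes long while the read length stays near 4 GiB; the checked helper rejects that size before allocating.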