[Ffmpeg-devel] [PATCH] mov.c clean and enhancements
Michael Niedermayer
michaelni
Sat Feb 18 10:48:43 CET 2006
Hi
On Sat, Feb 18, 2006 at 12:31:01AM +0100, Baptiste COUDURIER wrote:
> Hi,
>
> 4 patches:
>
> mov_stsd_audio_clean.patch:
>
> Cleans reading stsd audio, and makes it more generic.
>
> I realize that is a lot of code removal, but I guess it is better to now
> start fixing from a cleaner base, if some specific samples need special
> handling. I tested it against PCM, ALAC, AMR, QDM2, AAC.
>
> If someone has time to do extensive tests it would be great.
>
> mov_read_ftyp.patch:
applied
>
> which adds mov_read_ftyp to check iso media file type and set c->mp4.
>
> mov_read_hdlr_simplify.patch:
applied
>
> which simplifies mov_read_hdlr :)
>
> mov_in32_codec_support.patch:
applied
[...]
> +static int mov_read_alac(MOVContext *c, ByteIOContext *pb, MOV_atom_t atom)
> +{
> + AVStream *st = c->fc->streams[c->fc->nb_streams-1];
> +
> + // currently ALAC decoder expect full atom header - so let's fake it
> + // this should be fixed and just ALAC header should be passed
> +
> + av_free(st->codec->extradata);
> + st->codec->extradata_size = atom.size + 8;
> + st->codec->extradata = (uint8_t*) av_mallocz(st->codec->extradata_size + FF_INPUT_BUFFER_PADDING_SIZE);
> +
> + if (st->codec->extradata) {
> + strcpy(st->codec->extradata + 4, "alac"); // fake
> + get_buffer(pb, st->codec->extradata + 8, atom.size);
> + dprintf("Reading alac %Ld %s\n", atom.size, (char*)st->codec->extradata);
> + } else
> + url_fskip(pb, atom.size);
> + return 0;
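Review bot: st->codec->extradata_size is assigned atom.size + 8 before the av_mallocz() result is checked, so when the allocation fails the else branch skips the atom but leaves the stream with a non-zero extradata_size and a NULL extradata pointer. Assign extradata_size only inside the success branch, or reset it to 0 in the else branch. The return value of get_buffer() is also ignored, so a short read leaves extradata_size describing bytes that were never filled; compare it against atom.size and treat a mismatch as an error.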
Is there anything which prevents atom.size + 8 + FF_INPUT_BUFFER_PADDING_SIZE
from overflowing? If not, then extradata will be too small and you have a heap
overflow.
[...]
--
Michael
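The wrap-around asked about in the reply above, next to a bounded size computation, as an added example that is not part of the original mail or of FFmpeg's code. Assumptions: atom.size is 64-bit (the patch prints it with %Ld), the sum ends up in a 32-bit size, PADDING_SIZE is a stand-in value for FF_INPUT_BUFFER_PADDING_SIZE, and both helper names are hypothetical.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed stand-in for FF_INPUT_BUFFER_PADDING_SIZE; the value is not on the page. */
#define PADDING_SIZE 8
#define HEADER_SIZE  8   /* the faked size field + "alac" tag the patch prepends */

/* Unchecked form: the sum from the patch, truncated to 32 bits as it would be
 * when the result is stored in a 32-bit size (assumption). */
static uint32_t unchecked_alloc_size(int64_t atom_size)
{
    return (uint32_t)((uint64_t)atom_size + HEADER_SIZE + PADDING_SIZE);
}

/* Checked form: returns the value for extradata_size, or -1 when atom_size is
 * negative or the padded allocation would exceed INT_MAX.
 * The caller allocates the returned size + PADDING_SIZE bytes. */
static int checked_extradata_size(int64_t atom_size)
{
    const int64_t max_atom = (int64_t)INT_MAX - HEADER_SIZE - PADDING_SIZE;

    if (atom_size < 0 || atom_size > max_atom)
        return -1;
    return (int)(atom_size + HEADER_SIZE);
}

int main(void)
{
    /* Constructed sample sizes, not taken from any real file. */
    const int64_t samples[] = { 36, 0xFFFFFFF0LL, 0xFFFFFFF8LL, -1 };

    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
        printf("atom.size=%lld unchecked alloc=%u checked extradata_size=%d\n",
               (long long)samples[i],
               (unsigned)unchecked_alloc_size(samples[i]),
               checked_extradata_size(samples[i]));
    return 0;
}
```

With the constructed size 0xFFFFFFF0 the unchecked sum wraps to 0 bytes while the read length passed on is still the full atom size; the checked helper rejects that input before any allocation happens.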