[Ffmpeg-devel] [PATCH] read pnm header correctly on buffer boundary
Michael Niedermayer
michaelni
Sun Jun 18 00:43:15 CEST 2006
Hi
On Sun, Jun 18, 2006 at 12:05:27AM +0200, Christian Linhart wrote:
> Hello,
>
> I have encountered a bug which is triggered
> when using an image2pipe consisting of a lot of ppm images as input.
> The behavior is that the encoding stops with an error message.
> (older versions of ffmpeg continued
> to run with full CPU usage but doing nothing else)
>
> I debugged this and found out the following:
> The reason was that pnm_decode_header always assumes
> that the current buffer contains enough data to hold the entire header.
> With a longer image2pipe the chances are very high
> that in some place, there is an end of buffer just inside the
> PNM-header, so
> parsing the PNM-header fails due to the missing data.
> (I reproduced it with a sequence of about 4000 images
> of resolution 1280x1024 --> this is more than 15GB of raw data.)
>
> I fixed the bug by making sure that pnm_decode_header
> gets at least 32 Bytes of real data.
this is not a solution, the header can be arbitrarily long, containing
whitespace, comments and other stuff ...
pnm_decode_header() should check that the header isn't truncated
[...]
> - if(pnm_decode_header(avctx, s) < 0)
> + if(pnm_decode_header(avctx, s) < 0) {
> + av_log(avctx, AV_LOG_DEBUG, "ffmpeg: pnm_decode_frame:
> pnm_decode_header error.\n");
> return -1;
> + }
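Review bot: the string literal in the added av_log() call is split across two lines ("ffmpeg: pnm_decode_frame:" and "pnm_decode_header error.\n"), so as quoted here the patch has been line-wrapped and will not compile; resend it unwrapped, for example as an attachment. The call site also still returns -1 for every pnm_decode_header() failure, so a header cut off at the end of the buffer remains indistinguishable from a malformed one; a distinct return value for the truncated case would let the caller wait for more data instead of aborting.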
AV_LOG_DEBUG -> AV_LOG_ERROR
[...]
--
Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB
In the past you could go to a library and read, borrow or copy any book
Today you'd get arrested for mere telling someone where the library is
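Added example, not part of the original thread and not FFmpeg's code: a header parser for binary PPM (P6) only that accepts any amount of whitespace and comments and reports a header cut off by the buffer end separately from a malformed one, which a fixed 32-byte minimum cannot do. The names ppm_parse_header, PpmHeader, the PNM_* codes and the 65535 limit on each field are assumptions made for this sketch.

```c
#include <stddef.h>
#include <string.h>
/* Hypothetical result codes and struct for this example, not FFmpeg's own. */
enum { PNM_OK = 0, PNM_NEED_MORE = -1, PNM_INVALID = -2 };
typedef struct { int width, height, maxval; size_t header_len; } PpmHeader;
static int is_ws(unsigned char c) { return c == ' ' || (c >= '\t' && c <= '\r'); }

/* Fetch the next token, skipping any amount of whitespace and '#' comments.
 * A comment or token that reaches the buffer end may continue in the next
 * read, so it is reported as PNM_NEED_MORE rather than as an error. */
static int next_token(const unsigned char *buf, size_t len, size_t *pos,
                      char *tok, size_t tok_size)
{
    size_t p = *pos, n = 0;
    for (;; p++) {
        if (p >= len) return PNM_NEED_MORE;
        if (buf[p] == '#') {
            while (p < len && buf[p] != '\n' && buf[p] != '\r') p++;
            if (p >= len) return PNM_NEED_MORE;
        } else if (!is_ws(buf[p])) break;
    }
    for (; p < len && !is_ws(buf[p]); p++) {
        if (n + 1 >= tok_size) return PNM_INVALID;  /* no valid field is this long */
        tok[n++] = (char)buf[p];
    }
    if (p >= len) return PNM_NEED_MORE;
    tok[n] = '\0';
    *pos = p;
    return PNM_OK;
}

/* Parse a binary PPM (P6) header. On PNM_OK, h->header_len is the raster offset. */
int ppm_parse_header(const unsigned char *buf, size_t len, PpmHeader *h)
{
    int *field[3] = { &h->width, &h->height, &h->maxval };
    char tok[16];
    size_t pos = 0;
    int i, ret;
    if ((ret = next_token(buf, len, &pos, tok, sizeof(tok))) < 0) return ret;
    if (strcmp(tok, "P6")) return PNM_INVALID;
    for (i = 0; i < 3; i++) {
        long v = 0; const char *c = tok;
        if ((ret = next_token(buf, len, &pos, tok, sizeof(tok))) < 0) return ret;
        for (; *c; c++)  /* digits only; the bound is this example's assumption */
            if (*c < '0' || *c > '9' || (v = v * 10 + (*c - '0')) > 65535) return PNM_INVALID;
        if (v == 0) return PNM_INVALID;
        *field[i] = (int)v;
    }
    h->header_len = pos + 1;  /* exactly one whitespace byte precedes the raster */
    return PNM_OK;
}
```

On PNM_NEED_MORE the caller keeps the bytes it has and calls again once more input has arrived; only PNM_INVALID is a decode error.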