[FFmpeg-devel] Issue on libavformat/aviobuf.c

Uoti Urpala uoti.urpala
Wed Sep 24 20:27:29 CEST 2008

On Wed, 2008-09-24 at 17:59 +0000, Andrew Wason wrote:
> Baptiste Coudurier <baptiste.coudurier <at> smartjog.com> writes:
> > 
> > Cannot reproduce the behavior using FFmpeg latest svn, possibly this
> > issue is related to mplayer ?
> This sounds like mplayer bug http://bugzilla.mplayerhq.hu/show_bug.cgi?id=1267
> I attached a patch to that bug report which has been working for me.

What exactly is the MPlayer bug that is supposed to fix? That seeking to
a position past the end of the file does not work?

Even if it's only triggered by MPlayer in this case there is a real bug
in the libavformat mov demuxer. mov_read_udta() has this code:

        uint32_t tag_size = get_be32(pb);
        uint32_t tag      = get_le32(pb);
        uint64_t next     = url_ftell(pb) + tag_size - 8;

        if (next > end) // stop if tag_size is wrong

A sanity check for minimum tag size is missing. The code accepts
tag_size 0, and will then be stuck reading the same "0-sized" atom
without advancing in the stream.
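
An added example, not FFmpeg code and not part of the original message: a C atom walker over an in-memory buffer that applies both the upper-bound check shown in the quoted code and the minimum-size check described above as missing. The names `walk_atoms` and `rd_be32` and the sample byte arrays are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Read a 32-bit big-endian value from a byte buffer. */
static uint32_t rd_be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* Hypothetical helper (not an FFmpeg API): walk [size][tag][payload]
 * atoms in buf[0..len). Returns the atom count, or -1 if malformed. */
int walk_atoms(const uint8_t *buf, size_t len)
{
    size_t pos = 0;
    int count = 0;

    while (len - pos >= 8) {            /* room for an 8-byte header */
        uint32_t tag_size = rd_be32(buf + pos);

        /* Minimum size: the header alone is 8 bytes. A smaller value
         * (including 0) would put "next" at or before this atom. */
        if (tag_size < 8)
            return -1;
        /* Upper bound, as in the quoted "next > end" check. */
        if (tag_size > len - pos)
            return -1;

        pos += tag_size;                /* always advances by >= 8 */
        count++;
    }
    return count;
}

/* Constructed sample inputs. */
static const uint8_t good_atoms[] = {
    0, 0, 0, 12, 'n', 'a', 'm', 'e', 'a', 'b', 'c', 'd',
    0, 0, 0, 8,  'f', 'r', 'e', 'e',
};
static const uint8_t zero_size_atom[] = {
    0, 0, 0, 0, 'n', 'a', 'm', 'e', 0, 0, 0, 8, 'f', 'r', 'e', 'e',
};
static const uint8_t oversize_atom[] = { 0, 0, 0, 64, 'n', 'a', 'm', 'e' };

int main(void)
{
    return !(walk_atoms(good_atoms, sizeof good_atoms) == 2 &&
             walk_atoms(zero_size_atom, sizeof zero_size_atom) == -1 &&
             walk_atoms(oversize_atom, sizeof oversize_atom) == -1);
}
```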