[FFmpeg-devel] [PATCH] Core Audio Format demuxer (v5)

Peter Ross pross
Tue Sep 8 12:44:43 CEST 2009 

On Mon, Sep 07, 2009 at 06:26:48PM +0200, Michael Niedermayer wrote:
> On Sun, Sep 06, 2009 at 08:57:43PM +1000, Peter Ross wrote:
> > On Sat, Sep 05, 2009 at 05:13:05AM +0200, Michael Niedermayer wrote:
> > > On Wed, Aug 26, 2009 at 08:19:26PM +1000, Peter Ross wrote:
> > > > On Sat, Aug 15, 2009 at 12:08:35PM +0200, Diego Biurrun wrote:
> > > > > On Sat, Aug 15, 2009 at 05:35:42PM +1000, Peter Ross wrote:
> > > > > > 
> > > > > > Revised patch enclosed.
> > > > > 
> > > > > .. some nitpicks ..
> > > > 
> > > > Ok. Revised patched enclosed.
> > 
> > Next revision of patch enclosed. I have addressed all of Michael's
> > comments.
> > 

> [...]
> >  utils.c |   14 ++++++++++++--
> >  1 file changed, 12 insertions(+), 2 deletions(-)
> > 81e41f9f083c5af8b752ce271be0b6cbf24bba64  channel-validate.diff
> > diff --git a/libavformat/utils.c b/libavformat/utils.c
> > index 59fefd2..ac065c5 100644
> > --- a/libavformat/utils.c
> > +++ b/libavformat/utils.c
> > @@ -354,7 +354,7 @@ int av_open_input_stream(AVFormatContext **ic_ptr,
> >                           ByteIOContext *pb, const char *filename,
> >                           AVInputFormat *fmt, AVFormatParameters *ap)
> >  {
> > -    int err;
> > +    int err, i;
> >      AVFormatContext *ic;
> >      AVFormatParameters default_ap;
> >  
> > @@ -394,6 +394,17 @@ int av_open_input_stream(AVFormatContext **ic_ptr,
> >              goto fail;
> >      }
> >  
> > +#define SANE_NB_CHANNELS 128
> > +    for(i=0;i<ic->nb_streams;i++) {
> > +        AVStream *st = ic->streams[i];
> > +        if (st->codec->codec_type == CODEC_TYPE_AUDIO &&
> > +            st->codec->channels > SANE_NB_CHANNELS) {
> > +            av_log(ic, AV_LOG_ERROR, "Stream #%d is corrupt\n", i);
> > +            err = AVERROR_INVALIDDATA;
> > +            goto fail;
> > +        }
> > +    }
> > +
> >      if (pb && !ic->data_offset)
> >          ic->data_offset = url_ftell(ic->pb);
> >  
> 
> i would have thought that the check could be put in avcodec_open() there
>  is alraedy a check for width/height there and it would also catch
> lavc without lavf but maybe just checking there isnt enough

True. The intent of this is to protect *codecs* from overflowing when
supplied with large nb channels. I have moved the logic to libavcodec.

-- Peter
(A907 E02F A6E5 0CD2 34CD 20D2 6760 79C5 AC40 DD6B)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: channel-validate-r2.diff
Type: text/x-diff
Size: 763 bytes
Desc: not available
URL: <http://lists.mplayerhq.hu/pipermail/ffmpeg-devel/attachments/20090908/c4458d03/attachment.diff>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: Digital signature
URL: <http://lists.mplayerhq.hu/pipermail/ffmpeg-devel/attachments/20090908/c4458d03/attachment.pgp>

More information about the ffmpeg-devel mailing list