[FFmpeg-devel] [PATCH] oggparsevorbis: protection from rotten oggs

David Conrad lessen42
Sat Aug 7 23:14:13 CEST 2010


On Aug 7, 2010, at 4:02 PM, Alex Converse wrote:

> The patch adds some sanity checks for requirements of a valid Vorbis I
> stream from 4.2.1 and 4.2.2 to oggparsevorbis.c.

> Index: libavformat/oggparsevorbis.c
> ===================================================================
> --- libavformat/oggparsevorbis.c	(revision 24726)
> +++ libavformat/oggparsevorbis.c	(working copy)
> @@ -206,6 +206,12 @@
>          return -1;
>  
>      priv = os->private;
> +
> +    if (priv->packet[pkt_type>>1])
> +        return -1;
> +    if (pkt_type > 1 && !priv->packet[0] || pkt_type > 3 && !priv->packet[1])
> +        return -1;
> +
>      priv->len[pkt_type >> 1] = os->psize;
>      priv->packet[pkt_type >> 1] = av_mallocz(os->psize);
>      memcpy(priv->packet[pkt_type >> 1], os->buf + os->pstart, os->psize);

OK

> @@ -220,7 +226,11 @@
>              return -1;
>  
>          st->codec->channels = bytestream_get_byte(&p);
> +        if (!st->codec->channels)
> +            return -1;
>          st->codec->sample_rate = bytestream_get_le32(&p);
> +        if (st->codec->sample_rate <= 0)
> +            return -1;
>          p += 4; // skip maximum bitrate
>          st->codec->bit_rate = bytestream_get_le32(&p); // nominal bitrate
>          p += 4; // skip minimum bitrate

I'm sure there are other containers/codecs that don't check these for nonzero and/or positive, there isn't a check in utils.c or similar?



More information about the ffmpeg-devel mailing list