[FFmpeg-devel] [PATCH] check for mod by zero (issue 2502)

Justin Ruggles justin.ruggles
Sat Jan 8 21:45:48 CET 2011 

On 01/08/2011 01:52 PM, Daniel Kang wrote:

> On Sat, Jan 8, 2011 at 9:33 AM, Justin Ruggles <justin.ruggles at gmail.com>wrote:
> 
>>  On 01/07/2011 11:33 PM, Daniel Kang wrote:
>>> diff --git a/libavformat/vocdec.c b/libavformat/vocdec.c
>>> index 909520c..6c37246 100644
>>> --- a/libavformat/vocdec.c
>>> +++ b/libavformat/vocdec.c
>>> @@ -68,7 +68,7 @@ voc_get_packet(AVFormatContext *s, AVPacket *pkt,
>> AVStream *st, int max_size)
>>>      AVCodecContext *dec = st->codec;
>>>      ByteIOContext *pb = s->pb;
>>>      VocType type;
>>> -    int size;
>>> +    int size, tmp;
>>>      int sample_rate = 0;
>>>      int channels = 1;
>>>
>>> @@ -90,7 +90,11 @@ voc_get_packet(AVFormatContext *s, AVPacket *pkt,
>> AVStream *st, int max_size)
>>>              if (sample_rate)
>>>                  dec->sample_rate = sample_rate;
>>>              dec->channels = channels;
>>> -            dec->codec_id = ff_codec_get_id(ff_voc_codec_tags,
>> get_byte(pb));
>>> +            tmp = ff_codec_get_id(ff_voc_codec_tags, get_byte(pb));
>>> +            if (dec->codec_id != CODEC_ID_NONE)
>>> +                dec->codec_id = ff_codec_get_id(ff_voc_codec_tags,
>> get_byte(pb));
>>> +            else
>>> +                av_log(s, AV_LOG_ERROR, "Unknown codec ID, continuing to
>> decode\n");
>>>              dec->bits_per_coded_sample =
>> av_get_bits_per_sample(dec->codec_id);
>>>              voc->remaining_size -= 2;
>>>              max_size -= 2;
>>> @@ -113,7 +117,11 @@ voc_get_packet(AVFormatContext *s, AVPacket *pkt,
>> AVStream *st, int max_size)
>>>              dec->sample_rate = get_le32(pb);
>>>              dec->bits_per_coded_sample = get_byte(pb);
>>>              dec->channels = get_byte(pb);
>>> -            dec->codec_id = ff_codec_get_id(ff_voc_codec_tags,
>> get_le16(pb));
>>> +            tmp = ff_codec_get_id(ff_voc_codec_tags, get_byte(pb));
>>> +            if (dec->codec_id != CODEC_ID_NONE)
>>> +                dec->codec_id = ff_codec_get_id(ff_voc_codec_tags,
>> get_byte(pb));
>>> +            else
>>> +                av_log(s, AV_LOG_ERROR, "Unknown codec ID, continuing to
>> decode\n");
>>>              url_fskip(pb, 4);
>>>              voc->remaining_size -= 12;
>>>              max_size -= 12;
>>
>>
>> This is not correct.  It is reading the codec code twice. It is not
>> checking to make sure the final codec_id != CODEC_ID_NONE.  And it will
>> never set a valid codec_id. (note that in this case codec_id is not set
>> at read_header() as is normally the case for demuxers. it is set the
>> first time an audio packet is read)
>>
>> My suggestion:
>> switch(){
>> ...
>> case VOC_TYPE_VOICE_DATA:
>>    ...
>>    tmp_codec = ff_codec_get_id(ff_voc_codec_tags, get_byte(pb));
>>    if (dec->codec_id == CODEC_ID_NONE)
>>        dec->codec_id = tmp_codec;
>>    else if (tmp_codec != dec->codec_id)
>>        print AV_LOG_WARNING message about ignoring changed codec code
>>    ...
>> case VOC_TYPE_NEW_VOICE_DATA:
>>    same as above
>>    ...
>> }
>> if (dec->codec_id == CODEC_ID_NONE) {
>>    print error message
>>    return AVERROR(EINVAL);
>>  }
>>
>> -Justin
>>
> 
> I have updated the patch with your comments. I am not sure if
> sample_size can be negative or not, so I have just checked if it is not
> zero.


> +            tmp_codec = ff_codec_get_id(ff_voc_codec_tags, get_byte(pb));
> +            if (dec->codec_id == CODEC_ID_NONE)
> +                dec->codec_id = tmp_codec;
> +            else if (dec->codec_id != tmp_codec)
> +                av_log(s, AV_LOG_WARNING, "Ignoring change in codec, continuing to decode\n");


Technically, the demuxer does not decode, it demuxes.  I would just say
"Ignoring mid-stream change in audio codec".

-Justin

More information about the ffmpeg-devel mailing list