[FFmpeg-devel] [PATCH 1/6] Refactor the 'fmt ' tag search and parsing

Michael Niedermayer michaelni at gmx.at
Tue May 17 22:27:28 CEST 2011


On Tue, Mar 08, 2011 at 01:17:52PM +0100, Tomas Härdin wrote:
> Ronald S. Bultje skrev 2011-03-07 18:17:
>> Hi,
>>
>> On Fri, Mar 4, 2011 at 3:21 AM, Tomas Härdin<tomas.hardin at codemill.se>  wrote:
>>> diff --git a/libavformat/wav.c b/libavformat/wav.c
>> [..]
>>> +static int wav_parse_fmt_tag(AVFormatContext *s, int64_t size, AVStream **st)
>> [..]
>>> +    *st = av_new_stream(s, 0);
>>> +    if (!*st)
>>> +        return AVERROR(ENOMEM);
>>> +
>>> +    ff_get_wav_header(pb, (*st)->codec, size);
>>> +    (*st)->need_parsing = AVSTREAM_PARSE_FULL;
>>> +
>>> +    av_set_pts_info(*st, 64, 1, (*st)->codec->sample_rate);
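
Review bot: in wav_parse_fmt_tag(), `(*st)->codec->sample_rate` is used as the time base denominator in the av_set_pts_info() call right after ff_get_wav_header(), and nothing in the quoted lines checks that it is nonzero. The value comes straight from the file's fmt chunk, so validate it before setting the time base and return an error such as AVERROR_INVALIDDATA when it is not positive.
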
>> [..]
>>> +        next_tag_ofs = url_ftell(pb) + size;
>>> +
>>> +        if (tag == MKTAG('f', 'm', 't', ' ')) {
>>> +            if ((ret = wav_parse_fmt_tag(s, size,&st)<  0))
>>> +                return ret;
>>> +
>>> +            got_fmt = 1;
>>
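
Review bot: the closing parenthesis in `if ((ret = wav_parse_fmt_tag(s, size,&st)<  0))` is misplaced, so `ret` is assigned the result of the `< 0` comparison rather than the function's return value. On failure the caller then returns 1 instead of the negative AVERROR code. It should read `if ((ret = wav_parse_fmt_tag(s, size, &st)) < 0)`.
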
>> A security-type concern here (not really, but please let me elaborate)
>> is that you here allow "broken" files with multiple fmt chunks to set
>> up multiple AVStreams, which would never contain data and thus hang
>> for a long time in av_find_stream_info(). Probably a second fmt chunk
>> should be ignored/skipped.
>
> Hm, good point. Updated the patch with a check and a warning, meaning it  
> doesn't parse any extra fmt tags but warns the user.
>
> (accidentally sent this reply directly to Ronald's gmail initially,  
> instead of to the list)
>
> /Tomas

>  wav.c |   51 ++++++++++++++++++++++++++++++++++++---------------
>  1 file changed, 36 insertions(+), 15 deletions(-)
> e11af85a69cba8cc390f80f9f54682cc7501671a  0001-Refactor-the-fmt-tag-search-and-parsing.patch
> From e49e64501e2083c4fff1d0629e9a4470d979980a Mon Sep 17 00:00:00 2001
> From: =?UTF-8?q?Tomas=20H=C3=A4rdin?= <tomas.hardin at codemill.se>
> Date: Thu, 17 Feb 2011 15:49:35 +0100
> Subject: [PATCH 1/6] Refactor the 'fmt ' tag search and parsing

applied

[...]
-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

I know you won't believe me, but the highest form of Human Excellence is
to question oneself and others. -- Socrates
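
The check discussed in this thread (parse only the first fmt chunk, skip and count any later one instead of setting up another stream), as an added example that is not FFmpeg's wav.c and not code from any poster. It walks chunks in an in-memory buffer that starts after the 12-byte RIFF/WAVE header; `scan_wav_chunks`, `wav_scan`, `rd_le32` and the sample bytes are hypothetical and constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* fmt_parsed: first 'fmt ' chunk accepted; fmt_skipped: later ones ignored. */
struct wav_scan { int fmt_parsed, fmt_skipped; uint32_t sample_rate; };

/* Constructed sample: two 'fmt ' chunks (44100 Hz, then 8000 Hz), then 'data'. */
static const uint8_t sample_chunks[] = {
    'f','m','t',' ', 16,0,0,0, 1,0, 2,0, 0x44,0xAC,0,0, 0x10,0xB1,2,0, 4,0, 16,0,
    'f','m','t',' ', 16,0,0,0, 1,0, 1,0, 0x40,0x1F,0,0, 0x80,0x3E,0,0, 2,0, 16,0,
    'd','a','t','a',  4,0,0,0, 0,0,0,0,
};
static uint32_t rd_le32(const uint8_t *p) {
    return p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Hypothetical walker (not FFmpeg code): 0 if a usable 'fmt ' chunk was found, else -1. */
static int scan_wav_chunks(const uint8_t *buf, size_t len, struct wav_scan *out) {
    size_t pos = 0;
    memset(out, 0, sizeof(*out));
    while (pos <= len && len - pos >= 8) {
        const uint8_t *tag = buf + pos;
        uint32_t size = rd_le32(buf + pos + 4);
        pos += 8;
        if (size > len - pos)
            return -1;                     /* chunk runs past end of input */
        if (!memcmp(tag, "data", 4))
            break;                         /* audio payload starts here */
        if (!memcmp(tag, "fmt ", 4)) {
            if (out->fmt_parsed) {
                out->fmt_skipped++;        /* duplicate: skip, set up nothing new */
            } else if (size < 16) {
                return -1;                 /* shorter than the 16-byte PCM header */
            } else {
                out->sample_rate = rd_le32(buf + pos + 4);
                out->fmt_parsed = 1;
            }
        }
        pos += (size_t)size + (size & 1);  /* chunk bodies are padded to even size */
    }
    return out->fmt_parsed ? 0 : -1;
}

int main(void) {
    struct wav_scan r;
    int ret = scan_wav_chunks(sample_chunks, sizeof(sample_chunks), &r);
    printf("ret=%d rate=%u skipped=%d\n", ret, (unsigned)r.sample_rate, r.fmt_skipped);
    return 0;
}
```

The second fmt chunk's 8000 Hz never replaces the first chunk's 44100 Hz; a caller would log a warning whenever `fmt_skipped` is nonzero.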