[FFmpeg-devel] [PATCH] cafdec: fix parsing of chunks which may have unused data
Michael Niedermayer
michaelni at gmx.at
Sat Oct 27 00:40:57 CEST 2012
On Fri, Oct 26, 2012 at 02:18:55PM +0000, Paul B Mahol wrote:
> Specification mentions 'strg', 'mark', 'regn' and 'info' chunks
> to have data section size larger than chunk's current meaningful
> content in order to reserve room for additional data.
>
> Signed-off-by: Paul B Mahol <onemda at gmail.com>
> ---
> libavformat/cafdec.c | 6 +++++-
> 1 file changed, 5 insertions(+), 1 deletion(-)
>
> diff --git a/libavformat/cafdec.c b/libavformat/cafdec.c
> index a576dac..5657f7e 100644
> --- a/libavformat/cafdec.c
> +++ b/libavformat/cafdec.c
> @@ -225,7 +225,7 @@ static int read_header(AVFormatContext *s)
> AVStream *st;
> uint32_t tag = 0;
> int found_data, ret;
> - int64_t size;
> + int64_t size, pos;
>
> avio_skip(pb, 8); /* magic, version, file flags */
>
> @@ -254,6 +254,7 @@ static int read_header(AVFormatContext *s)
>
> tag = avio_rb32(pb);
> size = avio_rb64(pb);
> + pos = avio_tell(pb);
> if (url_feof(pb))
> break;
>
> @@ -299,6 +300,9 @@ static int read_header(AVFormatContext *s)
> avio_skip(pb, size);
> break;
> }
> +
> + if (size > 0)
> + avio_skip(pb, FFMAX(0, (pos + size) - avio_tell(pb)));
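Review bot: the `pos + size` in the added avio_skip() call can overflow. size comes straight from avio_rb64() into a signed int64_t, and the `size > 0` test puts no upper bound on it, so a chunk size near INT64_MAX added to a positive pos is signed overflow, which is undefined behaviour in C. Bound it before the addition, for example by rejecting the chunk when `size > INT64_MAX - pos`, and only then compute the chunk end. Separately, FFMAX(0, ...) silently accepts the case where a chunk handler has already read past pos + size; that deserves at least a warning, because it means the parser consumed bytes that belong to the next chunk. With this realignment in place, the `avio_skip(pb, size);` visible in the context lines just above looks redundant and could be dropped in the same patch.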
this can overflow, also the avio_skip size becomes unneeded with this
patch
otherwise LGTM
[...]
--
Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB
it is not once nor twice but times without number that the same ideas make
their appearance in the world. -- Aristotle