[FFmpeg-devel] [PATCH] libavformat/utils: Fix segfault on m4a cover artwork parsing
Lazaros Koromilas
lostd at 2f30.org
Wed May 28 16:35:10 CEST 2014
On Wed, May 28, 2014 at 03:48:25AM +0200, Michael Niedermayer wrote:
> On Tue, May 27, 2014 at 02:38:44PM +0300, Lazaros Koromilas wrote:
> > Hello list,
> >
> > I came across this bug when my MPD choked on some iTunes files while updating
> > its database. Turns out that I had a few m4a files with zero-length cover
> > artwork tags that triggered this. I've uploaded to the ftp server a sample
> > created from scratch with ffmpeg and TagLib under the name
> > segfault_avformat_cover_art.{m4a,txt}. The diff at the end avoids the crash,
> > but I don't know if the return code is appropriate. Maybe you want to simply
> > ignore those cases? Including valgring output also. I'm not on the list,
> > so please reply in person for anything else.
>
> patch applied
>
> thanks
>
> [...]
Hello again, I wasn't happy with the fix and did a little more
testing. This diff lets you extract other streams if needed. For
example in my case I can obtain a clean file with:
ffmpeg -i segfault_avformat_cover_art.m4a -acodec copy -map 0:0 out.m4a
Thanks,
Lazaros.
-------------- next part --------------
>From 06198f33915dd7264322ea13e996571962a00760 Mon Sep 17 00:00:00 2001
From: Lazaros Koromilas <lostd at 2f30.org>
Date: Wed, 28 May 2014 16:31:03 +0300
Subject: [PATCH] libavformat/utils: Warning about invalid cover art instead of
an error
This way other streams can still be used with the -map option.
---
libavformat/utils.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/libavformat/utils.c b/libavformat/utils.c
index 3576279..d8f1363 100644
--- a/libavformat/utils.c
+++ b/libavformat/utils.c
@@ -517,8 +517,12 @@ int avformat_queue_attached_pictures(AVFormatContext *s)
if (s->streams[i]->disposition & AV_DISPOSITION_ATTACHED_PIC &&
s->streams[i]->discard < AVDISCARD_ALL) {
AVPacket copy = s->streams[i]->attached_pic;
- if (copy.size <= 0)
- return AVERROR(EINVAL);
+ if (copy.size <= 0) {
+ av_log(s, AV_LOG_WARNING,
+ "Attached picture on stream %d has invalid size, "
+ "ignoring\n", i);
+ continue;
+ }
copy.buf = av_buffer_ref(copy.buf);
if (!copy.buf)
return AVERROR(ENOMEM);
--
1.9.2
More information about the ffmpeg-devel
mailing list