[FFmpeg-devel] [PATCH] Add support for large boxes(>32 bit)
Philip Langdale
philipl at overt.org
Wed May 20 19:47:22 CEST 2015
On 2015-05-20 07:40, Niklesh Lalwani wrote:
> From: Niklesh <niklesh.lalwani at iitb.ac.in>
>
> This patch is to be applied over the previous patch to fix movtext
> crashes (which is yet to be committed)
> Signed-off-by: Niklesh <niklesh.lalwani at iitb.ac.in>
> ---
> libavcodec/movtextdec.c | 11 ++++++++++-
> 1 file changed, 10 insertions(+), 1 deletion(-)
>
> diff --git a/libavcodec/movtextdec.c b/libavcodec/movtextdec.c
> index 53ffef0..1a7c811 100644
> --- a/libavcodec/movtextdec.c
> +++ b/libavcodec/movtextdec.c
> @@ -96,7 +96,8 @@ static int mov_text_decode_frame(AVCodecContext
> *avctx,
> char *ptr = avpkt->data;
> char *end;
> //char *ptr_temp;
> - int text_length, tsmb_type, style_entries, tsmb_size, tracksize;
> + int text_length, tsmb_type, style_entries;
> + uint64_t tsmb_size, tracksize;
> int **style_start = {0,};
> int **style_end = {0,};
> int **style_flags = {0,};
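Review bot: in the declaration change, only `tsmb_size` needs to be 64 bits wide; `tracksize` is an offset into the packet and is checked against `avpkt->size`, which is an `int`, so making it `uint64_t` turns those bounds checks into mixed signed/unsigned comparisons for no gain. Consider leaving `tracksize` as it was and changing only `tsmb_size`, with a short comment that the wider type is there for the 64-bit size form handled when `tsmb_size == 1`.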
> @@ -147,6 +148,14 @@ static int mov_text_decode_frame(AVCodecContext
> *avctx,
> tsmb_type = AV_RB32(tsmb);
> tsmb += 4;
>
> + if (tsmb_size == 1) {
> + if (tracksize + 16 > avpkt->size)
> + break;
You will need to adjust the "tracksize + 10" check for the style entry
count as well.
> + tsmb_size = AV_RB64(tsmb);
> + tsmb += 8;
> + tracksize += 8;
> + }
> +
> if (tracksize + tsmb_size > avpkt->size)
> break;
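Review bot: the `tracksize + tsmb_size > avpkt->size` check at the end of this hunk can wrap around now that `tsmb_size` is a `uint64_t` filled from `AV_RB64(tsmb)`: a size close to 2^64 makes the unsigned sum overflow to a small value, so the oversized box passes the check. Compare by subtraction instead, for example `if (tsmb_size > avpkt->size - tracksize) break;`, which cannot overflow as long as `tracksize` is already known not to exceed `avpkt->size` (the `tracksize + 16 > avpkt->size` check guarantees that in the large-box branch). It is also worth rejecting a 64-bit size that is smaller than the 16 header bytes it was read from.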
--phil