[FFmpeg-devel] [PATCH]lavf/icodec: Improve probe function

Michael Bradshaw mjbshaw at gmail.com
Tue Jan 12 17:33:47 CET 2016


Overall it looks good. I thought it might overflow the buffer but with
AVPROBE_PADDING_SIZE it doesn't.

On Tue, Jan 12, 2016 at 7:09 AM, Carl Eugen Hoyos <cehoyos at ag.or.at> wrote:
> diff --git a/libavformat/icodec.c b/libavformat/icodec.c
> index 22e2099..9cf3dca 100644
> --- a/libavformat/icodec.c
> +++ b/libavformat/icodec.c
> @@ -27,6 +27,7 @@
>  #include "libavutil/intreadwrite.h"
>  #include "libavcodec/bytestream.h"
>  #include "libavcodec/bmp.h"
> +#include "libavcodec/png.h"
>  #include "avformat.h"
>  #include "internal.h"
>
> @@ -44,9 +45,30 @@ typedef struct {
>
>  static int probe(AVProbeData *p)
>  {
> -    if (AV_RL16(p->buf) == 0 && AV_RL16(p->buf + 2) == 1 && AV_RL16(p->buf + 4))
> -        return AVPROBE_SCORE_MAX / 4;
> -    return 0;
> +    unsigned i, frames = AV_RL16(p->buf + 4);
> +
> +    if (AV_RL16(p->buf) || AV_RL16(p->buf + 2) != 1 || !frames)
> +        return 0;
> +    for (i = 0; i < frames; i++) {
> +        unsigned offset;
> +        if (AV_RL16(p->buf + 10 + i * 16) & ~1) // color planes
> +            return FFMIN(i, AVPROBE_SCORE_MAX / 4);
> +        if (p->buf[13 + i * 16])
> +            return FFMIN(i, AVPROBE_SCORE_MAX / 4);
> +        if (AV_RL32(p->buf + 14 + i * 16) < 40)  // size
> +            return FFMIN(i, AVPROBE_SCORE_MAX / 4);
> +        offset = AV_RL32(p->buf + 18 + i * 16);
> +        if (offset < 22)
> +            return FFMIN(i, AVPROBE_SCORE_MAX / 4);
> +        if (offset + 8 > p->buf_size)
> +            return AVPROBE_SCORE_MAX / 4 + FFMIN(i, 1);
> +        if (p->buf[offset] != 40 && AV_RB64(p->buf + offset) != PNGSIG)
> +            return FFMIN(i, AVPROBE_SCORE_MAX / 4);
> +        if (i * 16 + 6 > p->buf_size)
> +            return AVPROBE_SCORE_MAX / 4;
> +    }
> +
> +    return AVPROBE_SCORE_MAX / 4 + 1;

A score of 26 seems low to me, but maybe that's just me.

>  }
>
>  static int read_header(AVFormatContext *s)
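
Review bot: The bounds test `offset + 8 > p->buf_size` in the loop can wrap, because `offset` is an `unsigned` taken with `AV_RL32()` straight from the file. With a 32-bit unsigned, a value of 0xFFFFFFF8 or above makes `offset + 8` small, the test passes, and the next line reads `p->buf[offset]` far outside the probe buffer. Comparing without the addition, for example `offset > p->buf_size - 8` once `buf_size` is known to be at least 8, avoids that. Separately, the `i * 16 + 6 > p->buf_size` check sits at the end of the iteration, after that entry's fields at `p->buf + 10 + i * 16` through `p->buf + 18 + i * 16` have already been read. Testing at the top of the loop that the whole entry (`22 + i * 16` bytes) fits would keep the directory reads inside the buffer without depending on the padding.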

I checked all the various header bytes this would be checking and it
all looks good.

