[FFmpeg-devel] [PATCH 2/4] h264_mp4toannexb_bsf: Improve extradata overread checks

Michael Niedermayer michael at niedermayer.cc
Wed Jul 24 10:43:58 EEST 2019


On Mon, Jul 22, 2019 at 05:27:13AM +0200, Andreas Rheinhardt wrote:
> 1. Currently during parsing the extradata, h264_mp4toannexb checks for
> overreads by adding the size of the current unit to the current position
> pointer and comparing this to the end position of the extradata. But
> pointer comparisons and pointer arithmetic are only defined if they do not
> exceed the object they are used on (one past the last element of an array
> is allowed, too). In practice, this might lead to overflows. Therefore
> the check has been changed.
> 2. The minimal size of an AVCDecoderConfigurationRecord is actually 7:
> Four bytes containing version, profile and level, one byte for length
> size and one byte each for the numbers of SPS and PPS. This has been
> changed. The byte for the number of PPS has been forgotten.

> 3. The earlier code also did not detect an error if the extradata ended
> directly after the last SPS in the SPS array (if any) although the
> number of PPS has to come afterwards. A check for this has been
> integrated into the general overread check.

what if there is no pps afterwards and instead in stream?
could this change break such streams ?


> 4. The earlier code also might overread when reading the size of the
> next unit. Given that this overread is not dangerous (the extradata is
> supposed to be padded), only a comment for it has been added; the error
> itself will be detected as part of the normal check for overreads.
> 
> Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt at gmail.com>
> ---
>  libavcodec/h264_mp4toannexb_bsf.c | 16 +++++++++-------
>  1 file changed, 9 insertions(+), 7 deletions(-)

changes feel ok but this should be split as they are independent issues

thanks

[...]

-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

What's the most stupid thing your enemy could do ? Blow himself up
What's the most stupid thing you could do ? Give up your rights and
freedom because your enemy blew himself up.
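
The overread check from points 1 to 3 of the quoted commit message, written against the number of bytes remaining rather than a computed end pointer; this is an added example, not code from this thread or from FFmpeg. `avcc_count_units` and the sample records are hypothetical and constructed, the 16-bit big-endian unit sizes and 5-bit SPS count are assumed from the AVCDecoderConfigurationRecord layout, and a missing PPS count byte is treated as an error as the commit message describes.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical helper (not FFmpeg's code): counts the SPS/PPS units of an
 * AVCDecoderConfigurationRecord; returns 0, or -1 if the record is truncated. */
static int avcc_count_units(const uint8_t *buf, size_t size,
                            unsigned *nb_sps, unsigned *nb_pps)
{
    size_t pos = 5;     /* version, profile, compatibility, level, length size */
    unsigned counts[2] = { 0, 0 };

    if (size < 7)       /* 5 header bytes + SPS count byte + PPS count byte */
        return -1;
    for (int set = 0; set < 2; set++) {     /* 0: SPS array, 1: PPS array */
        unsigned n;
        /* The count byte must exist, which also rejects data that ends right
         * after the last SPS. pos <= size always holds, so no wraparound. */
        if (size - pos < 1)
            return -1;
        n = buf[pos++] & (set == 0 ? 0x1f : 0xff);
        for (unsigned i = 0; i < n; i++) {
            size_t unit_size;
            if (size - pos < 2)             /* room for the 16-bit unit size */
                return -1;
            unit_size = (size_t)buf[pos] << 8 | buf[pos + 1];
            pos += 2;
            /* Compare with the bytes left instead of forming
             * buf + pos + unit_size, which may point outside the object. */
            if (unit_size > size - pos)
                return -1;
            pos += unit_size;
            counts[set]++;
        }
    }
    *nb_sps = counts[0];
    *nb_pps = counts[1];
    return 0;
}

/* Constructed samples: a valid record, one cut off after the SPS, and one
 * whose SPS claims 0xffff bytes. */
static const uint8_t ok_rec[]    = { 1, 0x64, 0, 0x1f, 0xff, 0xe1, 0, 2, 0x67, 0x64, 1, 0, 1, 0x68 };
static const uint8_t no_pps[]    = { 1, 0x64, 0, 0x1f, 0xff, 0xe1, 0, 2, 0x67, 0x64 };
static const uint8_t huge_unit[] = { 1, 0x64, 0, 0x1f, 0xff, 0xe1, 0xff, 0xff, 0x67, 0x64 };

int main(void)
{
    unsigned s = 0, p = 0;
    printf("%d ", avcc_count_units(ok_rec, sizeof ok_rec, &s, &p));
    printf("%d\n", avcc_count_units(no_pps, sizeof no_pps, &s, &p));
    return 0;
}
```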
