[FFmpeg-devel] [PATCH V2] libavformat/flacenc: reject too big picture blocks
Mattias Wadman
mattias.wadman at gmail.com
Wed Oct 30 15:04:19 EET 2019
Sorry i failed to get gmail to play nice with patches :( sent a new
message using git send-email, hope that works.
On Wed, Oct 30, 2019 at 12:51 PM Michael Niedermayer
<michael at niedermayer.cc> wrote:
>
> On Tue, Oct 29, 2019 at 02:42:47PM +0100, Mattias Wadman wrote:
> > A too big picture will case the muxer to write a truncated block size (uint24)
> > causing the output file to be corrupt.
> >
> > How to reproduce:
> >
> > Write a file with truncated block size:
> > ffmpeg -y -f lavfi -i sine -f lavfi -i color=red:size=2400x2400 -map
> > 0:a:0 -map 1:v:0 -c:v:0 bmp -disposition:1 attached_pic -t 1 test.flac
> >
> > Try to decode:
> > ffmpeg -i test.flac test.wav
> >
> > Signed-off-by: Mattias Wadman <mattias.wadman at gmail.com>
> > ---
> > libavformat/flacenc.c | 10 ++++++++--
> > 1 file changed, 8 insertions(+), 2 deletions(-)
> >
> > diff --git a/libavformat/flacenc.c b/libavformat/flacenc.c
> > index 93cc79bbe0..7b51c11404 100644
> > --- a/libavformat/flacenc.c
> > +++ b/libavformat/flacenc.c
> > @@ -93,7 +93,7 @@ static int flac_write_picture(struct AVFormatContext
> > *s, AVPacket *pkt)
> > AVDictionaryEntry *e;
> > const char *mimetype = NULL, *desc = "";
> > const AVStream *st = s->streams[pkt->stream_index];
> > - int i, mimelen, desclen, type = 0;
> > + int i, mimelen, desclen, type = 0, blocklen;
> >
> > if (!pkt->data)
> > return 0;
> > @@ -140,8 +140,14 @@ static int flac_write_picture(struct
> > AVFormatContext *s, AVPacket *pkt)
> > desc = e->value;
>
> Applying: libavformat/flacenc: reject too big picture blocks
> error: corrupt patch at line 10
>
> probably line/word wrap
>
> [...]
>
> --
> Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB
>
> If you fake or manipulate statistics in a paper in physics you will never
> get a job again.
> If you fake or manipulate statistics in a paper in medicin you will get
> a job for life at the pharma industry.
> _______________________________________________
> ffmpeg-devel mailing list
> ffmpeg-devel at ffmpeg.org
> https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
>
> To unsubscribe, visit link above, or email
> ffmpeg-devel-request at ffmpeg.org with subject "unsubscribe".
More information about the ffmpeg-devel
mailing list