[FFmpeg-devel] [PATCH 6/9] avformat/wavdec: fix s337m/spdif probing beyond data_end
Gaullier Nicolas
nicolas.gaullier at cji.paris
Mon Jan 13 16:52:54 EET 2020
>> diff --git a/libavformat/wavdec.c b/libavformat/wavdec.c index
>> 2796905e1f..ccb9576b84 100644
>> --- a/libavformat/wavdec.c
>> +++ b/libavformat/wavdec.c
>> @@ -78,7 +78,7 @@ static void set_spdif_s337m(AVFormatContext *s, WAVDemuxContext *wav)
>> ret = AVERROR(ENOMEM);
>> } else {
>> int64_t pos = avio_tell(s->pb);
>> - len = ret = avio_read(s->pb, buf, len);
>> + len = ret = avio_read(s->pb, buf, FFMIN(len,
>> + wav->data_end - pos));
>> if (len >= 0) {
>> ret = ff_spdif_probe(buf, len, &codec);
>> if (ret > AVPROBE_SCORE_EXTENSION) {
>
>Looks OK. I suppose this fixes a potential SIGSEGV too?
AVIO would just stop at EOF, I don't think a SIGSEGV could occur in any scenario.
This fix only affects probing (ie. reading start of file) in a surprising scenario where the data chunk would not extend to the end of the file.
This is many IF and I find it unlikely, but I think it should be fixed anyway.
Nicolas
More information about the ffmpeg-devel
mailing list