[FFmpeg-devel] [PATCH 2/8] avformat/mov: Support size = 1 and size = 0 special cases in probing

Michael Niedermayer michael at niedermayer.cc
Wed Feb 10 19:59:06 EET 2021


On Mon, Feb 08, 2021 at 02:25:50PM +0100, Michael Niedermayer wrote:
> On Sat, Feb 06, 2021 at 11:33:38AM -0800, Chad Fraleigh wrote:
> > On 2/6/2021 9:22 AM, Michael Niedermayer wrote:
> > > Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
> > > ---
> > >   libavformat/mov.c | 5 +++++
> > >   1 file changed, 5 insertions(+)
> > > 
> > > diff --git a/libavformat/mov.c b/libavformat/mov.c
> > > index 9406e42f49..70f76caff5 100644
> > > --- a/libavformat/mov.c
> > > +++ b/libavformat/mov.c
> > > @@ -7113,6 +7113,11 @@ static int mov_probe(const AVProbeData *p)
> > >           if ((offset + 8) > (unsigned int)p->buf_size)
> > >               break;
> > >           size = AV_RB32(p->buf + offset);
> > > +        if (size == 1 && offset + 16 > (unsigned int)p->buf_size) {
> > > +            size = AV_RB64(p->buf+offset + 8);
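Review bot: the bounds test on the added `if` line looks inverted. `offset + 16 > (unsigned int)p->buf_size` is true only when the 16-byte header runs past buf_size, so the 64-bit size at offset + 8 is read in exactly the case where it does not lie fully inside the counted buffer, and a size == 1 atom whose 64-bit size is fully present keeps size = 1. If the intent is to use the 64-bit size when it is available, the comparison should be `offset + 16 <= (unsigned int)p->buf_size`. It is also worth confirming that `size` is wide enough to hold the AV_RB64 result, since its declaration is outside this hunk.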
> > 
> > Just curious, what happens when size == 1 and the buffer is too small? Is
> > leaving it as a size of 1 still valid, or should it be handled as a format
> > error (e.g. abort the loop)?
> 
> The buffer must have a minimum padding of AVPROBE_PADDING_SIZE
> so the buffer cannot be too small. This extra padding requirement is
> there for exactly cases like this, otherwise a lot more checks would be
> needed in many probe functions.

will apply

[...]

-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

There will always be a question for which you do not know the correct answer.
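
The size = 1 and size = 0 cases discussed in this thread, as an added example that is not part of the original message and is not FFmpeg's code: a stand-alone header reader that checks every read against the valid byte count instead of relying on buffer padding. The names `read_box_hdr`, `box_hdr` and `box_status` are hypothetical, the sample bytes are constructed, and treating size = 0 as "runs to the end of the available data" is an assumption made for a bounded buffer.

```c
#include <stddef.h>
#include <stdint.h>

enum box_status { BOX_OK, BOX_TRUNCATED, BOX_INVALID };

struct box_hdr {
    uint64_t size;     /* total box size in bytes, header included */
    unsigned hdr_len;  /* 8 for a compact header, 16 with a 64-bit size */
};

/* Constructed sample: size field 1, type "mdat", 64-bit size 0x100000000. */
const uint8_t sample_large_box[16] = {
    0, 0, 0, 1, 'm', 'd', 'a', 't', 0, 0, 0, 1, 0, 0, 0, 0 };

static uint32_t rb32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

static uint64_t rb64(const uint8_t *p)
{
    return ((uint64_t)rb32(p) << 32) | rb32(p + 4);
}

/* Parse the header at buf[offset]; buf_size counts valid bytes only,
 * no trailing padding is assumed (unlike the probe buffer in the thread). */
enum box_status read_box_hdr(const uint8_t *buf, size_t buf_size,
                             size_t offset, struct box_hdr *out)
{
    if (offset > buf_size || buf_size - offset < 8)
        return BOX_TRUNCATED;            /* compact header incomplete */
    out->hdr_len = 8;
    out->size = rb32(buf + offset);
    if (out->size == 1) {                /* 64-bit size follows the type */
        if (buf_size - offset < 16)
            return BOX_TRUNCATED;        /* do not read past valid data */
        out->size = rb64(buf + offset + 8);
        out->hdr_len = 16;
    } else if (out->size == 0) {         /* assumption: box runs to end of data */
        out->size = buf_size - offset;
    }
    if (out->size < out->hdr_len)
        return BOX_INVALID;              /* size smaller than its own header */
    return BOX_OK;
}
```
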