[FFmpeg-devel] [PATCH] mpegts.c: pat_cb(): ensure all PIDs are valid

Marton Balint cus at passwd.hu
Fri Nov 22 21:56:42 EET 2024 


On Fri, 15 Nov 2024, Scott Theisen wrote:

> originally from:
> https://github.com/MythTV/mythtv/commit/a1d4d112c3f962a85ddd6248592421171fc8331c
> referencing:
> https://code.mythtv.org/trac/ticket/1887
>
> ISO/IEC 13818-1:2021 specifies a valid range of [0x0010, 0x1FFE] in
> § 2.4.4.6 Semantic definition of fields in program association section
> and Table 2-3 – PID table
> ---
> libavformat/mpegts.c | 6 ++++++
> 1 file changed, 6 insertions(+)
>
> diff --git a/libavformat/mpegts.c b/libavformat/mpegts.c
> index 78ab7f7efe..6d5dc3050b 100644
> --- a/libavformat/mpegts.c
> +++ b/libavformat/mpegts.c
> @@ -2580,6 +2580,12 @@ static void pat_cb(MpegTSFilter *filter, const uint8_t *section, int section_len
>             break;
>
>         av_log(ts->stream, AV_LOG_TRACE, "sid=0x%x pid=0x%x\n", sid, pmt_pid);
> +        if (pmt_pid <= 0x000F || pmt_pid >= 0x1FFF)
> +        {
> +            av_log(ts->stream, AV_LOG_ERROR, "Invalid PAT ignored "
> +                   "MPEG Program Number=0x%x pid=0x%x\n", sid, pmt_pid);
> +            return;
> +        }

Strictly speaking this is no longer needed, because the crash which is 
fixed by this is already fixed by the check above:

         if (pmt_pid == ts->current_pid)
             break;

Nevertheless, I am not against a more restrictive check for pids, so 
maybe extending the current check with this:

if (pmt_pid == ts->current_pid || pmt_pid <= 0x000F || pmt_pid >= 0x1FFF)

would be better. If you want to report an error however, maybe you should 
use av_log_once() to not spam the user about the same issue for every 
PAT packet?

Also you might consider using continue instead of return, after all there 
is a specific entry in the PAT which is bogus, maybe we should simply 
ignore only that entry.

Thanks,
Marton


>
>         if (sid == 0x0000) {
>             /* NIT info */
> -- 
> 2.43.0
>
> _______________________________________________
> ffmpeg-devel mailing list
> ffmpeg-devel at ffmpeg.org
> https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
>
> To unsubscribe, visit link above, or email
> ffmpeg-devel-request at ffmpeg.org with subject "unsubscribe".

More information about the ffmpeg-devel mailing list