[FFmpeg-cvslog] Allow decoding of slightly broken Nikon avi files.

Reimar Döffinger Reimar.Doeffinger at gmx.de
Mon Jan 20 05:09:47 CET 2014


On 20.01.2014, at 04:43, git at videolan.org (Carl Eugen Hoyos) wrote:
> ffmpeg | branch: master | Carl Eugen Hoyos <cehoyos at ag.or.at> | Mon Jan 20 01:44:07 2014 +0100| [f9c2d4d17e3b18becb046d71811f9e8aa5946cf9] | committer: Carl Eugen Hoyos
> 
> Allow decoding of slightly broken Nikon avi files.
> 
> Fixes ticket #3330.
> 
>> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=f9c2d4d17e3b18becb046d71811f9e8aa5946cf9
> ---
> 
> libavformat/avidec.c |    2 ++
> 1 file changed, 2 insertions(+)
> 
> diff --git a/libavformat/avidec.c b/libavformat/avidec.c
> index 1f9fa14..57fbcd7 100644
> --- a/libavformat/avidec.c
> +++ b/libavformat/avidec.c
> @@ -350,6 +350,8 @@ static void avi_read_nikon(AVFormatContext *s, uint64_t end)
>                 uint16_t size    = avio_rl16(s->pb);
>                 const char *name = NULL;
>                 char buffer[64]  = { 0 };
> +                if (avio_tell(s->pb) + size > tag_end)
> +                    size = tag_end - avio_tell(s->pb);
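
Review bot: the two added lines never check that tag_end is at or past avio_tell(s->pb) before computing tag_end - avio_tell(s->pb), and the result is stored in the uint16_t size declared just above, so a position already beyond tag_end yields a wrapped or truncated value instead of zero. Suggest reading the position once into a local, stopping when it is not below tag_end, and then clamping size against the remaining byte count in a single comparison, so the bound is not evaluated once as a sum in the condition and once as a difference in the assignment.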

I don't think this is good: you basically calculate the same thing twice, but since it is done in different ways it can overflow in different cases.
That makes it rather hard to review.
size = FFMIN(size, tag_end - avio_tell(s->pb));
reduces it to one potential overflow.
Plus, it follows the rule "the least validated element should stand alone in conditions".
I do not know if a check for tag_end >= avio_tell might be necessary/useful though.
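
The overflow cases discussed in the reply above, as an added example that is not part of the original message or of FFmpeg's code: it contrasts the sum form of the bound, an unguarded minimum, and a guarded clamp where the untrusted size stands alone. The helper names and the int64_t/uint64_t types chosen for the position and tag_end are assumptions, since the page does not show how tag_end is declared.

```c
#include <stdint.h>
#include <stdio.h>

/* Added example; names and types are assumptions, not FFmpeg code. */

/* Sum form of the bound, "pos + size > tag_end": the addition itself can
 * exceed INT64_MAX. Returns 1 when evaluating it would overflow. */
static int sum_form_overflows(int64_t pos, uint16_t size)
{
    return pos > INT64_MAX - (int64_t)size;
}

/* Unguarded minimum with unsigned operands: when pos is already past
 * tag_end the difference wraps to a huge value and size is not clamped. */
static uint16_t clamp_unguarded(uint16_t size, uint64_t pos, uint64_t tag_end)
{
    uint64_t remaining = tag_end - pos;      /* wraps when tag_end < pos */
    return size < remaining ? size : (uint16_t)remaining;
}

/* Guarded clamp: the remaining byte count is computed once, only after
 * confirming tag_end > pos, and the untrusted size is compared on its own. */
static uint16_t clamp_guarded(uint16_t size, int64_t pos, int64_t tag_end)
{
    int64_t remaining;

    if (pos < 0 || tag_end <= pos)
        return 0;                            /* nothing left inside the tag */
    remaining = tag_end - pos;               /* both non-negative: no overflow */
    return (int64_t)size < remaining ? size : (uint16_t)remaining;
}

int main(void)
{
    /* Constructed sample values: a 64-byte field claimed near a tag end at 100. */
    printf("sum form overflows near INT64_MAX: %d\n",
           sum_form_overflows(INT64_MAX - 10, 64));
    printf("unguarded, pos past end: %u\n",
           (unsigned)clamp_unguarded(64, 120, 100));
    printf("guarded, pos past end:   %u\n",
           (unsigned)clamp_guarded(64, 120, 100));
    printf("guarded, 10 bytes left:  %u\n",
           (unsigned)clamp_guarded(64, 90, 100));
    return 0;
}
```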

