[Ffmpeg-devel] [PATCH] read pnm header correctly on buffer boundary

Michael Niedermayer michaelni
Sun Jun 18 00:43:15 CEST 2006


Hi

On Sun, Jun 18, 2006 at 12:05:27AM +0200, Christian Linhart wrote:
> Hello,
> 
> I have encountered a bug which is triggered
> when using an image2pipe consisting of a lot of ppm images as input.
> The behavior is that the encoding stops with an error message.
> (older versions of ffmpeg continued
> to run with full CPU usage but doing nothing else)
> 
> I debugged this and found out the following:
> The reason was that pnm_decode_header always assumes
> that the current buffer contains enough data to hold the entire header.
> With a longer image2pipe the chances are very high
> that in some place, there is an end of buffer just inside the PNM-header,
> so parsing the PNM-header fails due to the missing data.
> (I reproduced it with a sequence of about 4000 images
> of resolution 1280x1024 --> this is more than 15GB of raw data.)
> 
> I fixed the bug by making sure that pnm_decode_header
> gets at least 32 Bytes of real data.

this is not a solution, the header can be arbitrarily long, containing
whitespace, comments and other stuff ...
pnm_decode_header() should check that the header isn't truncated


[...]

> -    if(pnm_decode_header(avctx, s) < 0)
> +    if(pnm_decode_header(avctx, s) < 0) {
> +       av_log(avctx, AV_LOG_DEBUG, "ffmpeg: pnm_decode_frame: 
> pnm_decode_header error.\n");
>         return -1;
> +    }
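
Review bot: the failure branch still returns a bare -1 for every pnm_decode_header() failure, so a header cut off at a buffer boundary (the case this patch is about) looks the same to the caller as a malformed one; consider a distinct return value for incomplete input so the caller can wait for more data. The added av_log() call reports a failure that aborts the frame, so it should use AV_LOG_ERROR rather than AV_LOG_DEBUG, and the literal "ffmpeg: pnm_decode_frame:" prefix in the message can be dropped because avctx is already passed to av_log() for context.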

AV_LOG_DEBUG -> AV_LOG_ERROR


[...]

-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

In the past you could go to a library and read, borrow or copy any book
Today you'd get arrested for mere telling someone where the library is
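
An added example, not FFmpeg's code and not part of either message: a sketch of the truncation check asked for above, in which the parser reports an incomplete header separately from a malformed one and never reads past the bytes it was given. The names `pnm_parse_header`, `next_uint`, `struct pnm_hdr`, the `PNM_*` codes and the sample bytes are constructed for illustration; it assumes the usual PNM layout (magic, whitespace or `#` comments, width, height, maxval except for bitmaps, then one whitespace byte).

```c
#include <ctype.h>
#include <stdio.h>

enum { PNM_OK = 0, PNM_NEED_MORE = 1, PNM_INVALID = -1 };
struct pnm_hdr { unsigned width, height, maxval; size_t data_off; };
/* Constructed sample header, not taken from the thread. */
static const unsigned char sample[] = "P6\n# constructed sample\n640 480\n255\n";

/* Read one decimal token at *pos, skipping whitespace and '#' comments. */
static int next_uint(const unsigned char *b, size_t n, size_t *pos, unsigned *out)
{
    size_t i = *pos;
    unsigned v = 0;
    while (i < n && (isspace(b[i]) || b[i] == '#'))   /* padding and comments */
        if (b[i++] == '#') while (i < n && b[i] != '\n') i++;
    if (i == n) return PNM_NEED_MORE;           /* ended inside padding or a comment */
    if (!isdigit(b[i])) return PNM_INVALID;
    for (; i < n && isdigit(b[i]); i++) {
        if (v > 100000000u) return PNM_INVALID; /* reject before v * 10 can wrap */
        v = v * 10 + (b[i] - '0');
    }
    if (i == n) return PNM_NEED_MORE;           /* digits may continue in the next chunk */
    *pos = i; *out = v;
    return PNM_OK;
}

/* Parse a PNM header from b[0..n) without reading past n. */
int pnm_parse_header(const unsigned char *b, size_t n, struct pnm_hdr *h)
{
    size_t pos = 2;
    int r, bitmap;
    if (n < 3) return PNM_NEED_MORE;
    if (b[0] != 'P' || b[1] < '1' || b[1] > '6' || !isspace(b[2])) return PNM_INVALID;
    bitmap = b[1] == '1' || b[1] == '4';
    h->maxval = 1;                              /* bitmaps (P1/P4) carry no maxval */
    if ((r = next_uint(b, n, &pos, &h->width)) != PNM_OK) return r;
    if ((r = next_uint(b, n, &pos, &h->height)) != PNM_OK) return r;
    if (!bitmap && (r = next_uint(b, n, &pos, &h->maxval)) != PNM_OK) return r;
    if (!h->width || !h->height || !h->maxval || h->maxval > 65535) return PNM_INVALID;
    if (!isspace(b[pos])) return PNM_INVALID;   /* one whitespace byte precedes the raster */
    h->data_off = pos + 1;
    return PNM_OK;
}

int main(void)
{
    struct pnm_hdr h;
    printf("cut at 10 bytes: %d\n", pnm_parse_header(sample, 10, &h)); /* prints 1 */
    return pnm_parse_header(sample, sizeof sample - 1, &h);
}
```

A caller that gets `PNM_NEED_MORE` keeps the bytes it has and retries once more input arrives; only `PNM_INVALID` is a decode error.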



