[FFmpeg-devel] lavf probing

Michael Niedermayer michaelni
Sun Jun 10 02:50:21 CEST 2007


Hi

On Sat, Jun 09, 2007 at 07:22:17PM -0400, Ronald S. Bultje wrote:
> Hi,
> 
> I found a problem with *_probe() functions not doing bounds checks on
> AVProbeData input. I can submit a patch, but would rather prevent the
> obvious. Is a buffer in p->buf supposed to be expanded by
> FF_INPUT_BUFFER_PADDING_SIZE and if so, is a *_probe() supposed to be called
> only with p->buf_size > 0 && p->buf != NULL?
> 
> (This can happen if rtsp stream setup fails even though rtsp_read_header()
> succeeded, which means input reading in av_find_stream_info() fails, but
> codecs are unknown so it still tries to set the codec info without having
> any actual data. Result is it calling set_codec_from_probe_data() with
> p->buf_size = 0 && p->buf == NULL, which crashes in any probe function since
> none do bounds checks or buf!=NULL.)

grep is your friend
if you tried greping for PROBE in the public headers, you would have found
AVPROBE_PADDING_SIZE which i belive would awnser your question

[...]

-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

I count him braver who overcomes his desires than him who conquers his
enemies for the hardest victory is over self. -- Aristotle
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://lists.mplayerhq.hu/pipermail/ffmpeg-devel/attachments/20070610/72c574c5/attachment.pgp>



More information about the ffmpeg-devel mailing list