[FFmpeg-devel] [Ffmpeg-user] chroma errors on movie file.

Baptiste Coudurier baptiste.coudurier
Mon Oct 8 15:06:47 CEST 2007 

Hi

Michael Niedermayer wrote:
> On Sun, Oct 07, 2007 at 10:38:01PM +0200, Baptiste Coudurier wrote:
>> Hi
>>
>> Michael Niedermayer wrote:
>>>>>>>> [...]
>>>>>>>>
>>>>>>>> Ok, problem is that "fiel" atom parsing overwrites extradata in
>>>>>>>> mov_read_extradata (overwrite 'SMI ' atom), so decoder fails to decode
>>>>>>>> stream. Attached patch makes mov_read_extradata appending atoms in
>>>>>>>> extradata. svq3 decoder will search for 'SEQH' sequence (contained in
>>>>>>>> 'SMI ') in extradata.
>>>>>>>>
>>>>>>>> Michael is it ok for you ?
>>>>>>>
>>>>>>> yes, except:
>>>>>>>
>>>>>>> [...]
>>>>>>>
>>>>>>>> Index: libavformat/mov.c
>>>>>>>> ===================================================================
>>>>>>>> --- libavformat/mov.c	(revision 10249)
>>>>>>>> +++ libavformat/mov.c	(working copy)
>>>>>>>> @@ -470,14 +470,25 @@
>>>>>>>> static int mov_read_extradata(MOVContext *c, ByteIOContext *pb, MOV_atom_t atom)
>>>>>>>> {
>>>>>>>>   AVStream *st = c->fc->streams[c->fc->nb_streams-1];
>>>>>>>> +    uint8_t *data_ptr;
>>>>>>>> +    if (st->codec->extradata) {
>>>>>>>> +        unsigned old_size = st->codec->extradata_size;
>>>>>>>> +        if((uint64_t)atom.size > (1<<30) - old_size - 8)
>>>>>>>> +            return -1;
>>>>>>>
>>>>>>> this check
>>>>>>> if old_size for example is 1<<30 this check fails
>>>>>>>
>>>>>> Humm it's late but if old_size is 1<<30 it must indeed fail, because new
>>>>>> atom size won't be < 1<<30. Or ?
>>>>>
>>>>> lets say it more precissely, the return -1 wont be executed if old_size=1<<30
>>>>>
>>>> Ok I see it now, what about that ?
>>>
>>> it might work but its a little obfuscated
>>>
>> Aie, well a bit :(
>> I can merge both tests, and add comments to explain why we are appending
>> atoms but code speaks for itself no ?
>>
>> Do you have a suggestion ? I'll code it, this bug needs to be fixed.
> 
> well, i think the following could replace the whole and be safe
> 
> uint64_t size= (uint64_t)st->codec->extradata_size + atom.size + 8 + FF_INPUT_BUFFER_PADDING_SIZE;
> if(size > INT_MAX || (uint64_t)atom.size > INT_MAX)
>     return -1;
> buf= av_realloc(st->codec->extradata, size);
> if(!buf)
>     return -1;
> st->codec->extradata= buf;
> buf+= st->codec->extradata_size;
> st->codec->extradata_size= size - FF_INPUT_BUFFER_PADDING_SIZE;
> AV_WB32(       buf    , atom.size + 8);
> AV_WL32(       buf + 4, atom.type);
> get_buffer(pb, buf + 8, atom.size);
> 

Great, works fine, tested with alac too, Applied.

-- 
Baptiste COUDURIER                              GnuPG Key Id: 0x5C1ABAAA
SMARTJOG S.A.                                    http://www.smartjog.com
Key fingerprint                 8D77134D20CC9220201FC5DB0AC9325C5C1ABAAA
Phone: +33 1 49966312

More information about the ffmpeg-devel mailing list