[FFmpeg-devel] AVI DV patch

Dmitry Vassiliev slydiman
Fri Feb 29 04:40:00 CET 2008


Hi all

Some AVI DV files cause a crash in av_find_stream_info().
avi_read_packet() tries to read a huge packet (the "size" variable is too big).
Probably checking (size < 0x01000000) may be helpful too.

AVI DV files created by SCLive may contain the following:
LIST....INFOTAPE....sclive.?TCOD....2155200000.?TCDO....7878800000.?
VMAJ....VMIN....CMNT....RATE....STAT....0 0 3500.000000....DTIM....29902976 756927104.?JUNK....

Note: the size that follows TAPE is 7, but the real offset of TCOD is 8.

Here is my patch:
----------------------------------------------------------------------------------------------

Index: avidec.c
===================================================================
--- avidec.c    (revision 12276)
+++ avidec.c    (working copy)
@@ -750,7 +750,23 @@
         if(  (d[0] == 'i' && d[1] == 'x' && n < s->nb_streams)
         //parse JUNK
            ||(d[0] == 'J' && d[1] == 'U' && d[2] == 'N' && d[3] == 'K')
-           ||(d[0] == 'i' && d[1] == 'd' && d[2] == 'x' && d[3] == '1')){
+           ||(d[0] == 'i' && d[1] == 'd' && d[2] == 'x' && d[3] == '1')
+
+           // added by slydiman (SCLive DV files)
+           ||(d[0] == 'T' && d[1] == 'A' && d[2] == 'P' && d[3] == 'E')
+           ||(d[0] == 'T' && d[1] == 'C' && d[2] == 'O' && d[3] == 'D')
+           ||(d[0] == 'T' && d[1] == 'C' && d[2] == 'D' && d[3] == 'O')
+           ||(d[0] == 'V' && d[1] == 'M' && d[2] == 'A' && d[3] == 'J')
+           ||(d[0] == 'V' && d[1] == 'M' && d[2] == 'I' && d[3] == 'N')
+           ||(d[0] == 'C' && d[1] == 'M' && d[2] == 'N' && d[3] == 'T')
+           ||(d[0] == 'R' && d[1] == 'A' && d[2] == 'T' && d[3] == 'E')
+           ||(d[0] == 'S' && d[1] == 'T' && d[2] == 'A' && d[3] == 'T')
+           ||(d[0] == 'D' && d[1] == 'T' && d[2] == 'I' && d[3] == 'M')
+           
+           ){
+               // added by slydiman
+               if( (size & 1) != 0 )  ++size;
+
             url_fskip(pb, size);
 //av_log(NULL, AV_LOG_DEBUG, "SKIP\n");
             goto resync;
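Review bot: The added rounding at "if( (size & 1) != 0 )  ++size;" fixes the resync after an odd-sized chunk, but size still reaches url_fskip() with no upper bound, so a bogus length from a damaged file is skipped as-is; the (size < 0x01000000) check mentioned in the mail, or a comparison against the remaining file size, belongs here before the skip. The rounding also now applies to the existing ix, JUNK and idx1 branches, which is a behaviour change worth stating in the commit message. The nine hard-coded SCLive tags only cover this one writer; skipping unknown sub-chunks of the INFO list generically would avoid extending the list for every vendor. Please also drop the "added by slydiman" comments (the commit log records authorship) and the whitespace-only added lines.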
Index: riff.c
===================================================================
--- riff.c      (revision 12276)
+++ riff.c      (working copy)
@@ -88,6 +88,10 @@
     { CODEC_ID_DVVIDEO, MKTAG('d', 'v', 's', 'l') },
     { CODEC_ID_DVVIDEO, MKTAG('d', 'v', '2', '5') },
     { CODEC_ID_DVVIDEO, MKTAG('d', 'v', '5', '0') },
+
+    // added by slydiman    
+    { CODEC_ID_DVVIDEO, MKTAG('c', 'd', 'v', 'c') },    // Canopus DV
+
     { CODEC_ID_MPEG1VIDEO, MKTAG('m', 'p', 'g', '1') },
     { CODEC_ID_MPEG1VIDEO, MKTAG('m', 'p', 'g', '2') },
     { CODEC_ID_MPEG2VIDEO, MKTAG('m', 'p', 'g', '2') },
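Review bot: The new 'c','d','v','c' entry is unrelated to the avi_read_packet() crash and should go in as a separate patch, so each change can be reviewed and reverted on its own. Within the entry, keep only the "Canopus DV" comment, remove the "// added by slydiman" line with its trailing whitespace, and drop the two added blank lines so the table stays contiguous.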

----------------------------------------------------------------------------------------------

Thanks,
Dmitry

http://slydiman.narod.ru/
Skype: slydiman
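
The alignment and size problems described in the mail, as an added example that is not part of the original post and is not FFmpeg code: a bounds-checked chunk walker over an in-memory buffer. The names riff_walk, rl32 and sample are hypothetical, and the bytes are constructed to resemble the quoted INFO data.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed sample (not bytes from a real file), shaped like the INFO
 * sub-chunks in the mail: TAPE declares 7 bytes and is followed by one
 * pad byte, so TCOD begins 8 bytes after TAPE's payload starts. */
static const uint8_t sample[] = {
    'T','A','P','E', 7,0,0,0,  's','c','l','i','v','e',0,  0,
    'T','C','O','D', 11,0,0,0, '2','1','5','5','2','0','0','0','0','0',0,  0,
    'J','U','N','K', 0xff,0xff,0xff,0x7f   /* size far larger than the data */
};
#define SAMPLE_VALID_LEN 36   /* the TAPE and TCOD chunks only */

/* Read a little-endian 32-bit value. */
static uint32_t rl32(const uint8_t *p)
{
    return p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Walk chunks in buf[0..len). Returns the number of chunks walked, or -1
 * as soon as a declared size exceeds the bytes that remain. With align=0
 * the pad byte after an odd-sized chunk is not skipped. */
static int riff_walk(const uint8_t *buf, size_t len, int align)
{
    size_t pos = 0;
    int n = 0;

    while (len - pos >= 8) {
        uint32_t size = rl32(buf + pos + 4);
        if (size > len - pos - 8)
            return -1;                 /* refuse before skipping or reading */
        pos += 8 + (size_t)size;
        if (align && (size & 1) && pos < len)
            pos++;                     /* RIFF chunks start on even offsets */
        n++;
    }
    return n;
}

int main(void)
{
    printf("aligned:   %d\n", riff_walk(sample, SAMPLE_VALID_LEN, 1));
    printf("unaligned: %d\n", riff_walk(sample, SAMPLE_VALID_LEN, 0));
    printf("oversized: %d\n", riff_walk(sample, sizeof(sample), 1));
    return 0;
}
```

Without the pad skip the walker lands one byte early, reads 'D' and the first size bytes as a length of 2884, and only the bounds check stops it.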




