[FFmpeg-devel] [PATCH] fix parsing of broken mp3 streams

Zdenek Kabelac zdenek.kabelac
Sun Apr 19 23:18:06 CEST 2009


Hi

Here is a small patch that fixes running out of the buffer when parsing
a broken mp3 data stream.
This solution is rather a hotfix - a better solution would be to check
at least one or two of the next mp3 frames in sequence to see whether
they are part of the same audio stream or some random junk which has a
0xfffx header inside. With this patch, ugly noise could sometimes be
noticed.

Also questionable is whether it should return -1 if no header is found,
or rather return the skipped bytes and out_size = 0 - as then such a
packet is usually rescanned multiple times with a one-byte step
forward...

Zdenek

- Fix buffer overrun
- Properly return parsed bytes together with skipped bytes

Index: libavcodec/mpegaudiodec.c
===================================================================
--- libavcodec/mpegaudiodec.c	(revision 18627)
+++ libavcodec/mpegaudiodec.c	(working copy)
@@ -2263,6 +2263,7 @@
     MPADecodeContext *s = avctx->priv_data;
     uint32_t header;
     int out_size;
+    int skipped = 0;
     OUT_INT *out_samples = data;

 retry:
@@ -2272,7 +2273,8 @@
     header = AV_RB32(buf);
     if(ff_mpa_check_header(header) < 0){
         buf++;
-//        buf_size--;
+        buf_size--;
+        skipped++;
         av_log(avctx, AV_LOG_ERROR, "Header missing skipping one byte.\n");
         goto retry;
     }
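Review bot: after `buf_size--` and `goto retry`, the next `AV_RB32(buf)` still reads four bytes, and nothing visible in this hunk re-checks that four bytes remain. The decrement only stops the overrun if a size check sits between the `retry:` label and `header = AV_RB32(buf);`, so please confirm that check exists and say so in the commit message. Separately, the `av_log(avctx, AV_LOG_ERROR, ...)` call now runs once per skipped byte, which will flood the log on a long run of junk; logging the total in `skipped` once after resync would be quieter.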
@@ -2303,7 +2305,7 @@
     }else
         av_log(avctx, AV_LOG_DEBUG, "Error while decoding MPEG audio
frame.\n"); //FIXME return -1 / but also return the number of bytes
consumed
     s->frame_size = 0;
-    return buf_size;
+    return buf_size + skipped;
 }

 static void flush(AVCodecContext *avctx){
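Review bot: in `return buf_size + skipped;` the sum cancels the `buf_size--` done once per `skipped++` in the retry loop, so unless `buf_size` is trimmed to the frame length somewhere between the two hunks, this returns the original packet size and the junk-plus-frame accounting is invisible to the caller. A short comment stating what the return value is meant to be (skipped bytes plus the frame bytes consumed) would make that intent checkable. The decode-error branch with the existing FIXME falls through to this same return, so a failed decode now reports the skipped bytes as consumed as well; that is probably what you want to avoid the one-byte rescans mentioned in the mail, but it deserves a note next to the FIXME.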


