[FFmpeg-devel] [PATCH] Fix possible SIGFPEs with bad mov timings. Based on chromium patch 35_mov_bad_timings.patch

Albert J. Wong (王重傑) ajwong
Thu Nov 19 22:22:57 CET 2009


On Thu, Nov 19, 2009 at 1:15 PM, Baptiste Coudurier <
baptiste.coudurier at gmail.com> wrote:

> On 11/19/2009 01:10 PM, Albert J. Wong (???) wrote:
>
>> On Thu, Nov 19, 2009 at 11:52 AM, Ronald S. Bultje<rsbultje at gmail.com
>> >wrote:
>>
>>  Hi,
>>>
>>> On Thu, Nov 19, 2009 at 2:37 PM, Albert J. Wong (???)
>>> <ajwong at chromium.org>  wrote:
>>>
>>>> How about something like
>>>>
>>>> if (c->time_scale<  0)
>>>>  return AVERROR_INVALIDDATA;
>>>> else if (!c->time_scale)
>>>>  c->time_scale = 1;
>>>> if (sc->time_scale<=0) {
>>>>   // the log message whatever that was...
>>>>  sc_time_scape = c->time_scale;
>>>> }
>>>>
>>>> ?
>>>>
>>>> That lets us handle the raw case, and chooses to ignore the potentially
>>>> negative values.  Is there's a better middle ground that I'm missing?
>>>>
>>>
>>> Putting this in any (=>  every) demuxer is silly, imo.
>>>
>>>
>>>  What's a better solution then?
>>
>
> Handling this problem in av_set_pts_info, I think.


What about the other places where time_scale is used in an av_rescale, or
used in regular math.  Here's a few lines of code:

mov.c:1509            st->codec->bit_rate =
stream_size*8*sc->time_scale/st->duration;

mov.c:1638  st->codec->frame_size = av_rescale(sc->stts_data[0].duration,
mov.c:1639
st->codec->sample_rate, sc->time_scale);

mov.c:2167        int64_t dts = av_rescale(current_sample->timestamp,
AV_TIME_BASE, msc->time_scale);


I'm not familiar enough with the code to fully understand what would happen
if the bitrate ended up being negative, or the frame_size ended up being
negative (or a really big unsigned), but that kind of behavior has a
tendency to feel like a pot of security or crashes waiting to be found.

-Albert



More information about the ffmpeg-devel mailing list