[FFmpeg-devel] [PATCH] asfdec fixes

Reimar Döffinger Reimar.Doeffinger
Sat Dec 11 14:48:09 CET 2010


Hello,
here is a patch for two independent issues.
The first fixes http://bugzilla.mplayerhq.hu/show_bug.cgi?id=1236 ,
due to get_buffer result not being checked, the asf demuxer may return
uninitialized data. I think this should be obvious and I intend to apply
soon. Note that usually we return partial packets, but this is difficult
for ASF due to its scrambling.
Also the ASF demuxer fails to allocate and initialize extra padding data.
The below solution particularly good, IMO a demuxer should avoid fiddling with
"internals" like pkt.data.

Index: ffmpeg/libavformat/asfdec.c
===================================================================
--- ffmpeg/libavformat/asfdec.c (revision 25928)
+++ ffmpeg/libavformat/asfdec.c (working copy)
@@ -848,6 +848,7 @@
     ASFContext *asf = s->priv_data;
     ASFStream *asf_st = 0;
     for (;;) {
+        int ret;
         if(url_feof(pb))
             return AVERROR_EOF;
         if (asf->packet_size_left < FRAME_HEADER_SIZE
@@ -950,8 +951,10 @@
             continue;
         }
 
-        get_buffer(pb, asf_st->pkt.data + asf->packet_frag_offset,
-                   asf->packet_frag_size);
+        ret = get_buffer(pb, asf_st->pkt.data + asf->packet_frag_offset,
+                         asf->packet_frag_size);
+        if (ret != asf->packet_frag_size)
+            return ret >= 0 ? AVERROR_EOF : ret;
         if (s->key && s->keylen == 20)
             ff_asfcrypt_dec(s->key, asf_st->pkt.data + asf->packet_frag_offset,
                             asf->packet_frag_size);
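
Review bot: the early return at `if (ret != asf->packet_frag_size)` exits with asf_st->pkt still holding the partially filled fragment buffer, and nothing in the visible lines frees or resets it before returning. Please confirm that the next read_packet call or the close path releases that packet and does not resume assembling into it with a stale asf->packet_frag_offset; if it is not released elsewhere, free it here before the return. Mapping a non-negative short read to AVERROR_EOF is reasonable, but a one-line comment saying so would help, since a truncated file and a real end of file become indistinguishable to the caller.
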
@@ -977,7 +980,8 @@
                     av_log(s, AV_LOG_ERROR, "pkt.size != ds_packet_size * ds_span (%d %d %d)\n", asf_st->pkt.size, asf_st->ds_packet_size, asf_st->ds_span);
               }else{
                 /* packet descrambling */
-                uint8_t *newdata = av_malloc(asf_st->pkt.size);
+                uint8_t *newdata = av_malloc(asf_st->pkt.size + FF_INPUT_BUFFER_PADDING_SIZE);
+                memset(newdata + asf_st->pkt.size, 0, FF_INPUT_BUFFER_PADDING_SIZE);
                 if (newdata) {
                     int offset = 0;
                     while (offset < asf_st->pkt.size) {
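
Review bot: the added `memset(newdata + asf_st->pkt.size, 0, FF_INPUT_BUFFER_PADDING_SIZE);` runs before the `if (newdata)` check, so a failed av_malloc turns into a write through NULL plus an offset instead of being handled by the existing check. Move the memset inside the `if (newdata) {` block. It is also worth checking that `asf_st->pkt.size + FF_INPUT_BUFFER_PADDING_SIZE` cannot overflow for a size taken from the file, since the descrambling loop below writes up to asf_st->pkt.size bytes into this buffer.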


