[FFmpeg-devel] [PATCH] read reel_name metadata from tmcd atom

Michael Niedermayer michaelni at gmx.at
Thu Aug 7 00:00:03 CEST 2014


On Wed, Aug 06, 2014 at 01:25:08PM -0700, Mark Reid wrote:
> ---
>  libavformat/mov.c | 20 ++++++++++++++++++++
>  1 file changed, 20 insertions(+)

do you have a sample / testcase that you can share ?


> 
> diff --git a/libavformat/mov.c b/libavformat/mov.c
> index ab85918..fb8d1fe 100644
> --- a/libavformat/mov.c
> +++ b/libavformat/mov.c
> @@ -1529,6 +1529,26 @@ static int mov_parse_stsd_data(MOVContext *c, AVIOContext *pb,
>                  st->codec->flags2 |= CODEC_FLAG2_DROP_FRAME_TIMECODE;
>              st->codec->time_base.den = st->codec->extradata[16]; /* number of frame */
>              st->codec->time_base.num = 1;
> +            if (size > 26) {
> +                uint32_t len = AV_RB32(st->codec->extradata + 18); /* name atom length */
> +                uint32_t format = AV_RB32(st->codec->extradata + 22);

> +                if (format == AV_RB32("name") && size >= 18 + len) {

18 + len can overflow


> +                    uint16_t str_size = AV_RB16(st->codec->extradata + 26); /* string length */
> +                    char *reel_name = av_malloc(str_size + 1);
> +                    if (!reel_name)
> +                        return AVERROR(ENOMEM);
> +                    memcpy(reel_name, st->codec->extradata + 30, str_size);

this accesses extradata + 30, but the check is just for 26


> +                    reel_name[str_size] = 0; /* Add null terminator */
> +                    /* don't add reel_name if emtpy string */

> +                    if (strcmp(reel_name, "") == 0) {
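
Review bot: str_size, read from extradata + 26, is never bounded against size or len before the memcpy from extradata + 30, so the copy length (up to 65535) comes straight from the file. Assuming extradata holds size bytes, as the size > 26 test implies, the outer test also admits size == 27, where the two-byte AV_RB16 read at offset 26 already touches offset 27. Suggest checking, in a form that cannot wrap, that size >= 30 and str_size <= size - 30 (and that the string fits inside the name atom's len) before allocating and copying.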

*reel_name == 0

[...]

-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

Avoid a single point of failure, be that a person or equipment.