[FFmpeg-devel] [PATCH] flvdec: Check the avio_seek return value after reading a metadata packet

Steven Liu lingjiujianke at gmail.com
Thu Sep 7 03:32:10 EEST 2017


2017-09-06 0:38 GMT+08:00 Steven Liu <lq at chinaffmpeg.org>:
> COPY FROM libav Martin Storsjö <martin at martin.st>
>
> If the metadata packet is corrupted, flv_read_metabody can accidentally
> read past the start of the next packet. If the start of the next packet
> had been flushed out of the IO buffer, we would be unable to seek to
> the right position (on a nonseekable stream).
>
> Prefer to clearly error out instead of silently trying to read from a
> desynced stream which will only be interpreted as garbage.
>
> Signed-off-by: Steven Liu <lq at chinaffmpeg.org>
> ---
>  libavformat/flvdec.c | 8 +++++++-
>  1 file changed, 7 insertions(+), 1 deletion(-)
>
> diff --git a/libavformat/flvdec.c b/libavformat/flvdec.c
> index 2e70352c53..2d89bef15f 100644
> --- a/libavformat/flvdec.c
> +++ b/libavformat/flvdec.c
> @@ -1015,7 +1015,13 @@ retry:
>                     "Skipping flv packet: type %d, size %d, flags %d.\n",
>                     type, size, flags);
>  skip:
> -            avio_seek(s->pb, next, SEEK_SET);
> +            if (avio_seek(s->pb, next, SEEK_SET) != next) {
> +                 // This can happen if flv_read_metabody above read past
> +                 // next, on a non-seekable input, and the preceding data has
> +                 // been flushed out from the IO buffer.
> +                 av_log(s, AV_LOG_ERROR, "Unable to seek to the next packet\n");
> +                 return AVERROR_INVALIDDATA;
> +            }
>              ret = FFERROR_REDO;
>              goto leave;
>          }
> --
> 2.11.0 (Apple Git-81)
>
>
>
> _______________________________________________
> ffmpeg-devel mailing list
> ffmpeg-devel at ffmpeg.org
> http://ffmpeg.org/mailman/listinfo/ffmpeg-devel


pushed


More information about the ffmpeg-devel mailing list