[FFmpeg-cvslog] avformat/iamf_parse: ignore Audio Elements with an unsupported type

James Almer git at videolan.org
Thu Aug 15 05:59:55 EEST 2024


ffmpeg | branch: master | James Almer <jamrial at gmail.com> | Wed Aug 14 13:46:53 2024 -0300| [66c05dc03163998fb9a90ebd53e2c39a4f95b7ea] | committer: James Almer

avformat/iamf_parse: ignore Audio Elements with an unsupported type

Better fix for the NULL pointer dereference from d7f83fc2f423.

Signed-off-by: James Almer <jamrial at gmail.com>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=66c05dc03163998fb9a90ebd53e2c39a4f95b7ea
---

 libavformat/iamf_parse.c | 9 +++++++--
 libavformat/iamfdec.c    | 2 +-
 2 files changed, 8 insertions(+), 3 deletions(-)

diff --git a/libavformat/iamf_parse.c b/libavformat/iamf_parse.c
index 296e49157b..bc8d726b53 100644
--- a/libavformat/iamf_parse.c
+++ b/libavformat/iamf_parse.c
@@ -636,6 +636,12 @@ static int audio_element_obu(void *s, IAMFContext *c, AVIOContext *pb, int len)
         }
 
     audio_element_type = avio_r8(pbc) >> 5;
+    if (audio_element_type > AV_IAMF_AUDIO_ELEMENT_TYPE_SCENE) {
+        av_log(s, AV_LOG_DEBUG, "Unknown audio_element_type referenced in an audio element. Ignoring\n");
+        ret = 0;
+        goto fail;
+    }
+
     codec_config_id = ffio_read_leb(pbc);
 
     codec_config = ff_iamf_get_codec_config(c, codec_config_id);
@@ -751,8 +757,7 @@ static int audio_element_obu(void *s, IAMFContext *c, AVIOContext *pb, int len)
         if (ret < 0)
             goto fail;
     } else {
-        unsigned audio_element_config_size = ffio_read_leb(pbc);
-        avio_skip(pbc, audio_element_config_size);
+        av_assert0(0);
     }
 
     c->audio_elements[c->nb_audio_elements++] = audio_element;
diff --git a/libavformat/iamfdec.c b/libavformat/iamfdec.c
index 2e6608b868..ce6d4aa064 100644
--- a/libavformat/iamfdec.c
+++ b/libavformat/iamfdec.c
@@ -107,7 +107,7 @@ static int iamf_read_header(AVFormatContext *s)
             if (ret < 0)
                 return ret;
 
-            if (!i && !j && audio_element->nb_layers && audio_element->layers[0].substream_count == 1)
+            if (!i && !j && audio_element->layers[0].substream_count == 1)
                 st->disposition |= AV_DISPOSITION_DEFAULT;
             else
                 st->disposition |= AV_DISPOSITION_DEPENDENT;



More information about the ffmpeg-cvslog mailing list