[FFmpeg-devel] [PATCH 1/6] Refactor the 'fmt ' tag search and parsing
Tomas Härdin
tomas.hardin
Tue Mar 8 13:17:52 CET 2011
Ronald S. Bultje wrote 2011-03-07 18:17:
> Hi,
>
> On Fri, Mar 4, 2011 at 3:21 AM, Tomas Härdin <tomas.hardin at codemill.se> wrote:
>> diff --git a/libavformat/wav.c b/libavformat/wav.c
> [..]
>> +static int wav_parse_fmt_tag(AVFormatContext *s, int64_t size, AVStream **st)
> [..]
>> + *st = av_new_stream(s, 0);
>> + if (!*st)
>> + return AVERROR(ENOMEM);
>> +
>> + ff_get_wav_header(pb, (*st)->codec, size);
>> + (*st)->need_parsing = AVSTREAM_PARSE_FULL;
>> +
>> + av_set_pts_info(*st, 64, 1, (*st)->codec->sample_rate);
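Review bot: the sample rate passed as the time-base denominator in av_set_pts_info(*st, 64, 1, (*st)->codec->sample_rate) is whatever ff_get_wav_header() just read from the file's fmt chunk, and the quoted lines do not validate it. Check that (*st)->codec->sample_rate is greater than zero and return an error otherwise, before calling av_set_pts_info(), so a malformed fmt chunk cannot set up a stream with an invalid time base.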
> [..]
>> + next_tag_ofs = url_ftell(pb) + size;
>> +
>> + if (tag == MKTAG('f', 'm', 't', ' ')) {
>> + if ((ret = wav_parse_fmt_tag(s, size,&st)< 0))
>> + return ret;
>> +
>> + got_fmt = 1;
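Review bot: the parentheses in if ((ret = wav_parse_fmt_tag(s, size,&st)< 0)) assign the result of the < 0 comparison to ret, so on failure the caller gets 1 returned instead of the negative error code, for example the AVERROR(ENOMEM) that wav_parse_fmt_tag can return. Close the assignment before the comparison: if ((ret = wav_parse_fmt_tag(s, size, &st)) < 0).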
>
> A security-type concern here (not really, but please let me elaborate)
> is that you here allow "broken" files with multiple fmt chunks to set
> up multiple AVStreams, which would never contain data and thus hang
> for a long time in av_find_stream_info(). Probably a second fmt chunk
> should be ignored/skipped.
Hm, good point. Updated the patch with a check and a warning, meaning it
doesn't parse any extra fmt tags but warns the user.
(accidentally sent this reply directly to Ronald's gmail initially,
instead of to the list)
/Tomas
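Added example, not code from this thread or from FFmpeg: a stand-alone C chunk walker showing the behaviour agreed on above, where the first 'fmt ' chunk sets up the single stream and any later 'fmt ' chunk is counted (so the caller can warn) and skipped. The names wav_scan_chunks, struct wav_scan and rd_le32, and the sample bytes, are constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* streams is 0 or 1; dup_fmt counts extra 'fmt ' chunks that were skipped. */
struct wav_scan { int streams, dup_fmt; uint32_t sample_rate; };

/* Constructed sample: two 16-byte 'fmt ' chunks (44100 Hz, then 8000 Hz), empty 'data'. */
static const uint8_t sample_wav[] =
    "RIFF\x3c\0\0\0WAVE"
    "fmt \x10\0\0\0\x01\0\x01\0\x44\xac\0\0\x88\x58\x01\0\x02\0\x10\0"
    "fmt \x10\0\0\0\x01\0\x01\0\x40\x1f\0\0\x80\x3e\0\0\x02\0\x10\0"
    "data\0\0\0\0";

static uint32_t rd_le32(const uint8_t *p)
{
    return p[0] | p[1] << 8 | p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Walk the chunks up to 'data'. Returns 0 on success, -1 if malformed. */
static int wav_scan_chunks(const uint8_t *buf, size_t len, struct wav_scan *out)
{
    size_t pos = 12;                        /* past "RIFF" <size> "WAVE" */
    memset(out, 0, sizeof(*out));
    if (len < 12 || memcmp(buf, "RIFF", 4) || memcmp(buf + 8, "WAVE", 4))
        return -1;
    while (pos <= len && len - pos >= 8) {
        uint32_t size = rd_le32(buf + pos + 4);
        if (size > len - pos - 8)           /* chunk claims more bytes than exist */
            return -1;
        if (!memcmp(buf + pos, "data", 4))
            break;                          /* sample data starts here */
        if (!memcmp(buf + pos, "fmt ", 4)) {
            if (out->streams) {
                out->dup_fmt++;             /* later 'fmt ': skip it, add no stream */
            } else if (size < 16 || !rd_le32(buf + pos + 12)) {
                return -1;                  /* short chunk or zero sample rate */
            } else {
                out->sample_rate = rd_le32(buf + pos + 12);
                out->streams = 1;
            }
        }
        pos += 8 + (size_t)size + (size & 1);   /* chunks are padded to even size */
    }
    return out->streams ? 0 : -1;
}
```

Calling wav_scan_chunks(sample_wav, sizeof(sample_wav) - 1, &r) on the constructed sample yields one stream at 44100 Hz with dup_fmt equal to 1; the second chunk's 8000 Hz never replaces the first.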