[FFmpeg-devel] [PATCH] [PATCH]: Fix AVI demuxing when the input is in streaming mode.

Michael Niedermayer michaelni at gmx.at
Thu Mar 28 02:53:00 CET 2013


On Wed, Mar 27, 2013 at 05:47:03PM -0700, Thierry Foucu wrote:
> ---
>  libavformat/avidec.c | 10 +++++++---
>  1 file changed, 7 insertions(+), 3 deletions(-)
> 
> diff --git a/libavformat/avidec.c b/libavformat/avidec.c
> index f6eb71e..121033f 100644
> --- a/libavformat/avidec.c
> +++ b/libavformat/avidec.c
> @@ -374,9 +374,13 @@ static int avi_read_header(AVFormatContext *s)
>  
>      av_log(avi, AV_LOG_DEBUG, "use odml:%d\n", avi->use_odml);
>  
> -    avi->io_fsize = avi->fsize = avio_size(pb);
> -    if(avi->fsize<=0 || avi->fsize < avi->riff_end)
> -        avi->fsize= avi->riff_end == 8 ? INT64_MAX : avi->riff_end;
> +    if (pb->seekable) {
> +        avi->io_fsize = avi->fsize = avio_size(pb);
> +        if(avi->fsize<=0 || avi->fsize < avi->riff_end)
> +            avi->fsize= avi->riff_end == 8 ? INT64_MAX : avi->riff_end;
> +    } else {
> +        avi->fsize = avi->riff_end = INT64_MAX;
> +    }

This looks a bit odd, i thought this code already handled non seekable
cases correctly.
The only issue i can see is that fsize is possibly missing an
update in case of multiple riff chunks or frames going beyond the
riff_end.
setting fsize & riff_end to INT64_MAX would remove one way of limiting
packet sizes and malloc sizes possibly resulting in huge memory
allocations and reading to EOF on damaged files.

How can i reproduce the issue this fixes ?

[...]
-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

While the State exists there can be no freedom; when there is freedom there
will be no State. -- Vladimir Lenin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: Digital signature
URL: <http://ffmpeg.org/pipermail/ffmpeg-devel/attachments/20130328/2ef6c473/attachment.asc>


More information about the ffmpeg-devel mailing list