[FFmpeg-devel] [PATCH] mov: Fix spherical metadata_source field parsing.

Aaron Colwell acolwell at google.com
Tue Jan 10 04:47:32 EET 2017


On Mon, Jan 9, 2017 at 6:00 PM James Almer <jamrial at gmail.com> wrote:

> On 1/9/2017 3:47 PM, Aaron Colwell wrote:
> > The attached patch fixes MOV spherical metadata parsing when the
> > metadata_source field is not an empty string.
> >
> > The metadata_source field is a null-terminated string, like other ISOBMFF
> > strings,
> > not an 8-bit length followed by string characters. This patch fixes the
> > parsing
> > code so it skips over the string properly.
> >
> > Aaron
> >
> >
> > 0001-mov-Fix-spherical-metadata_source-field-parsing.patch
> >
> >
> > From a20866dfeae07a5427e8255145f7fe19d846187d Mon Sep 17 00:00:00 2001
> > From: Aaron Colwell <acolwell at google.com>
> > Date: Mon, 9 Jan 2017 09:58:01 -0800
> > Subject: [PATCH] mov: Fix spherical metadata_source field parsing.
> >
> > The metadata_source field is a null-terminated string like other ISOBMFF
> strings
> > not an 8-bit length followed by string characters. This patch fixes the
> parsing
> > code so it skips over the string properly.
> > ---
> >  libavformat/mov.c | 7 ++++++-
> >  1 file changed, 6 insertions(+), 1 deletion(-)
> >
> > diff --git a/libavformat/mov.c b/libavformat/mov.c
> > index d1b929174d..4399d2ab13 100644
> > --- a/libavformat/mov.c
> > +++ b/libavformat/mov.c
> > @@ -4553,6 +4553,7 @@ static int mov_read_sv3d(MOVContext *c,
> AVIOContext *pb, MOVAtom atom)
> >      int32_t yaw, pitch, roll;
> >      uint32_t tag;
> >      enum AVSphericalProjection projection;
> > +    int i;
> >
> >      if (c->fc->nb_streams < 1)
> >          return 0;
> > @@ -4575,7 +4576,11 @@ static int mov_read_sv3d(MOVContext *c,
> AVIOContext *pb, MOVAtom atom)
> >          return 0;
> >      }
> >      avio_skip(pb, 4); /*  version + flags */
> > -    avio_skip(pb, avio_r8(pb)); /* metadata_source */
> > +
> > +    /* metadata_source */
> > +    for (i = 0; i < size - 12; ++i)
> > +        if (!avio_r8(pb))
> > +            break;
>
> Wouldn't just doing avio_skip(pb, size - 12) be enough for this?
>

Yes. That would be the smallest change that could possibly work, but would
be more permissive than what the spec requires. I was trying to fix the bug
and
have bad content trigger an error.


>
> >
> >      size = avio_rb32(pb);
> >      if (size > atom.size)
> > -- 2.11.0.390.gc69c2f50cf-goog
> >
> >
> >
> > _______________________________________________
> > ffmpeg-devel mailing list
> > ffmpeg-devel at ffmpeg.org
> > http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
> >
>
> _______________________________________________
> ffmpeg-devel mailing list
> ffmpeg-devel at ffmpeg.org
> http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
>


More information about the ffmpeg-devel mailing list