[FFmpeg-devel] [PATCH] flvdec: Check the avio_seek return value after reading a metadata packet
Steven Liu
lingjiujianke at gmail.com
Thu Sep 7 03:32:10 EEST 2017
2017-09-06 0:38 GMT+08:00 Steven Liu <lq at chinaffmpeg.org>:
> COPY FROM libav Martin Storsjö <martin at martin.st>
>
> If the metadata packet is corrupted, flv_read_metabody can accidentally
> read past the start of the next packet. If the start of the next packet
> had been flushed out of the IO buffer, we would be unable to seek to
> the right position (on a nonseekable stream).
>
> Prefer to clearly error out instead of silently trying to read from a
> desynced stream which will only be interpreted as garbage.
>
> Signed-off-by: Steven Liu <lq at chinaffmpeg.org>
> ---
> libavformat/flvdec.c | 8 +++++++-
> 1 file changed, 7 insertions(+), 1 deletion(-)
>
> diff --git a/libavformat/flvdec.c b/libavformat/flvdec.c
> index 2e70352c53..2d89bef15f 100644
> --- a/libavformat/flvdec.c
> +++ b/libavformat/flvdec.c
> @@ -1015,7 +1015,13 @@ retry:
> "Skipping flv packet: type %d, size %d, flags %d.\n",
> type, size, flags);
> skip:
> - avio_seek(s->pb, next, SEEK_SET);
> + if (avio_seek(s->pb, next, SEEK_SET) != next) {
> + // This can happen if flv_read_metabody above read past
> + // next, on a non-seekable input, and the preceding data has
> + // been flushed out from the IO buffer.
> + av_log(s, AV_LOG_ERROR, "Unable to seek to the next packet\n");
> + return AVERROR_INVALIDDATA;
> + }
> ret = FFERROR_REDO;
> goto leave;
> }
> --
> 2.11.0 (Apple Git-81)
>
>
>
> _______________________________________________
> ffmpeg-devel mailing list
> ffmpeg-devel at ffmpeg.org
> http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
pushed
More information about the ffmpeg-devel
mailing list