[FFmpeg-devel] [PATCH] libavformat/ffmetadec: use dynamic allocation for line buffer

Fran├žois Revol revol at free.fr
Wed Nov 7 15:34:43 EET 2018


When adding thumbnails to OGG files, the line can easily go up to 100kB.

We thus try to allocate the file size or SIZE_MAX to avoid truncation.
---
 libavformat/ffmetadec.c | 21 +++++++++++++++++----
 1 file changed, 17 insertions(+), 4 deletions(-)

diff --git a/libavformat/ffmetadec.c b/libavformat/ffmetadec.c
index 3290b3b7bc..ccbff51c03 100644
--- a/libavformat/ffmetadec.c
+++ b/libavformat/ffmetadec.c
@@ -128,16 +128,26 @@ static int read_tag(const uint8_t *line, AVDictionary **m)
 static int read_header(AVFormatContext *s)
 {
     AVDictionary **m = &s->metadata;
-    uint8_t line[1024];
+    int64_t line_size = avio_size(s->pb);
+    uint8_t *line;
+
+    if (line_size < 1 || line_size > SIZE_MAX)
+       line_size = SIZE_MAX;
+
+    line = av_malloc(line_size);
+    if (!line)
+        return AVERROR(ENOMEM);
 
     while(!avio_feof(s->pb)) {
-        get_line(s->pb, line, sizeof(line));
+        get_line(s->pb, line, line_size);
 
         if (!memcmp(line, ID_STREAM, strlen(ID_STREAM))) {
             AVStream *st = avformat_new_stream(s, NULL);
 
-            if (!st)
+            if (!st) {
+                av_free(line);
                 return AVERROR(ENOMEM);
+            }
 
             st->codecpar->codec_type = AVMEDIA_TYPE_DATA;
             st->codecpar->codec_id   = AV_CODEC_ID_FFMETADATA;
@@ -146,8 +156,10 @@ static int read_header(AVFormatContext *s)
         } else if (!memcmp(line, ID_CHAPTER, strlen(ID_CHAPTER))) {
             AVChapter *ch = read_chapter(s);
 
-            if (!ch)
+            if (!ch) {
+                av_free(line);
                 return AVERROR(ENOMEM);
+            }
 
             m = &ch->metadata;
         } else
@@ -160,6 +172,7 @@ static int read_header(AVFormatContext *s)
                                    s->chapters[s->nb_chapters - 1]->time_base,
                                    AV_TIME_BASE_Q);
 
+    av_free(line);
     return 0;
 }
 
-- 
2.19.1



More information about the ffmpeg-devel mailing list