[FFmpeg-devel] [Ffmpeg-user] chroma errors on movie file.

Michael Niedermayer michaelni
Mon Oct 8 00:25:29 CEST 2007


On Sun, Oct 07, 2007 at 10:38:01PM +0200, Baptiste Coudurier wrote:
> Hi
> 
> Michael Niedermayer wrote:
> >>>>>>
> >>>>>> [...]
> >>>>>>
> >>>>>>Ok, problem is that "fiel" atom parsing overwrites extradata in
> >>>>>>mov_read_extradata (overwrite 'SMI ' atom), so decoder fails to decode
> >>>>>>stream. Attached patch makes mov_read_extradata append atoms in
> >>>>>>extradata. svq3 decoder will search for 'SEQH' sequence (contained in
> >>>>>>'SMI ') in extradata.
> >>>>>>
> >>>>>>Michael is it ok for you ?
> >>>>>
> >>>>>
> >>>>>yes, except:
> >>>>>
> >>>>>[...]
> >>>>>
> >>>>>>Index: libavformat/mov.c
> >>>>>>===================================================================
> >>>>>>--- libavformat/mov.c	(revision 10249)
> >>>>>>+++ libavformat/mov.c	(working copy)
> >>>>>>@@ -470,14 +470,25 @@
> >>>>>>static int mov_read_extradata(MOVContext *c, ByteIOContext *pb, MOV_atom_t atom)
> >>>>>>{
> >>>>>>   AVStream *st = c->fc->streams[c->fc->nb_streams-1];
> >>>>>>+    uint8_t *data_ptr;
> >>>>>>+    if (st->codec->extradata) {
> >>>>>>+        unsigned old_size = st->codec->extradata_size;
> >>>>>>+        if((uint64_t)atom.size > (1<<30) - old_size - 8)
> >>>>>>+            return -1;
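
Review bot: the bound in `if((uint64_t)atom.size > (1<<30) - old_size - 8)` is evaluated in unsigned arithmetic because old_size is declared unsigned, so once old_size exceeds (1<<30) - 8 the right-hand side wraps to a very large value and the return -1 is never reached. Avoid the subtraction: widen first, add old_size + atom.size + 8 in a uint64_t, and compare that sum against the limit, with a separate bound on atom.size itself so a huge value cannot wrap the sum.
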
> >>>>>
> >>>>>
> >>>>>this check
> >>>>>if old_size for example is 1<<30 this check fails
> >>>>>
> >>>>
> >>>>Humm it's late but if old_size is 1<<30 it must indeed fail, because new
> >>>>atom size won't be < 1<<30. Or ?
> >>>
> >>>
> >>>let's say it more precisely, the return -1 won't be executed if old_size=1<<30
> >>>
> >>
> >>Ok I see it now, what about that ?
> > 
> > 
> > it might work but it's a little obfuscated
> > 
> 
> Aie, well a bit :(
> I can merge both tests, and add comments to explain why we are appending
> atoms but code speaks for itself no ?
> 
> Do you have a suggestion ? I'll code it, this bug needs to be fixed.

well, I think the following could replace the whole and be safe

uint64_t size= (uint64_t)st->codec->extradata_size + atom.size + 8 + FF_INPUT_BUFFER_PADDING_SIZE;
if(size > INT_MAX || (uint64_t)atom.size > INT_MAX)
    return -1;
buf= av_realloc(st->codec->extradata, size);
if(!buf)
    return -1;
st->codec->extradata= buf;
buf+= st->codec->extradata_size;
st->codec->extradata_size= size - FF_INPUT_BUFFER_PADDING_SIZE;
AV_WB32(       buf    , atom.size + 8);
AV_WL32(       buf + 4, atom.type);
get_buffer(pb, buf + 8, atom.size);


[...]
-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

Why not whip the teacher when the pupil misbehaves? -- Diogenes of Sinope
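
Added example (not part of the original message and not FFmpeg code): the size check from the quoted hunk next to the widened-sum check suggested in the reply, reduced to standalone C functions so the wraparound can be observed. The function names and the PADDING value are assumptions for illustration, and a 32-bit unsigned int is assumed.

```c
#include <stdint.h>
#include <limits.h>
#include <stdio.h>

#define PADDING 8 /* assumed stand-in for FF_INPUT_BUFFER_PADDING_SIZE */

/* Right-hand side of the hunk's comparison. The int constant is converted
 * to unsigned, so the result wraps once old_size > (1<<30) - 8. */
static uint64_t subtractive_bound(unsigned old_size)
{
    return (1<<30) - old_size - 8;
}

/* Check as written in the quoted hunk: 1 means "return -1" is taken. */
static int rejects_subtractive(unsigned old_size, int64_t atom_size)
{
    return (uint64_t)atom_size > subtractive_bound(old_size);
}

/* Check from the reply: widen, add, then compare the total to INT_MAX.
 * The second test catches atom sizes large enough to wrap the 64-bit sum,
 * including negative values converted to uint64_t. */
static int rejects_widened(int old_size, int64_t atom_size)
{
    uint64_t size = (uint64_t)old_size + atom_size + 8 + PADDING;
    return size > INT_MAX || (uint64_t)atom_size > INT_MAX;
}

int main(void)
{
    /* Constructed inputs: existing extradata size, new atom size. */
    struct { unsigned old; int64_t atom; } cases[] = {
        { 16,       100 },              /* ordinary append           */
        { 16,       (int64_t)1 << 30 }, /* atom alone is too large   */
        { 1u << 30, 100 },              /* the case from the thread  */
        { 1u << 30, (int64_t)3 << 30 }, /* total no longer fits int  */
        { 16,       -1 },               /* corrupt, negative size    */
    };
    for (size_t i = 0; i < sizeof(cases) / sizeof(cases[0]); i++)
        printf("old=%u atom=%lld bound=%llu subtractive=%d widened=%d\n",
               cases[i].old, (long long)cases[i].atom,
               (unsigned long long)subtractive_bound(cases[i].old),
               rejects_subtractive(cases[i].old, cases[i].atom),
               rejects_widened((int)cases[i].old, cases[i].atom));
    return 0;
}
```

With old_size = 1<<30 the subtractive bound wraps to 4294967288, so an atom of 3<<30 bytes passes the hunk's check while the widened sum rejects it.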