[FFmpeg-cvslog] avformat/mov: replace a value error by clipping into valid range in mov_read_stsc()

Michael Niedermayer git at videolan.org
Sat Jun 16 01:31:59 EEST 2018


ffmpeg | branch: release/4.0 | Michael Niedermayer <michael at niedermayer.cc> | Mon May 21 03:16:58 2018 +0200| [2e7830e5ff5f2475113b3a8f0be60a1403b5893d] | committer: Michael Niedermayer

avformat/mov: replace a value error by clipping into valid range in mov_read_stsc()

Fixes: #7165

Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit fe84f70819d6f5aab3c4823290e0d32b99d6de78)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=2e7830e5ff5f2475113b3a8f0be60a1403b5893d
---

 libavformat/mov.c | 14 +++++++++++---
 1 file changed, 11 insertions(+), 3 deletions(-)

diff --git a/libavformat/mov.c b/libavformat/mov.c
index da0b1942b9..e1f1b36306 100644
--- a/libavformat/mov.c
+++ b/libavformat/mov.c
@@ -2641,14 +2641,22 @@ static int mov_read_stsc(MOVContext *c, AVIOContext *pb, MOVAtom atom)
 
     sc->stsc_count = i;
     for (i = sc->stsc_count - 1; i < UINT_MAX; i--) {
+        int64_t first_min = i + 1;
         if ((i+1 < sc->stsc_count && sc->stsc_data[i].first >= sc->stsc_data[i+1].first) ||
             (i > 0 && sc->stsc_data[i].first <= sc->stsc_data[i-1].first) ||
-            sc->stsc_data[i].first < 1 ||
+            sc->stsc_data[i].first < first_min ||
             sc->stsc_data[i].count < 1 ||
             sc->stsc_data[i].id < 1) {
             av_log(c->fc, AV_LOG_WARNING, "STSC entry %d is invalid (first=%d count=%d id=%d)\n", i, sc->stsc_data[i].first, sc->stsc_data[i].count, sc->stsc_data[i].id);
-            if (i+1 >= sc->stsc_count || sc->stsc_data[i+1].first < 2)
-                return AVERROR_INVALIDDATA;
+            if (i+1 >= sc->stsc_count) {
+                sc->stsc_data[i].first = FFMAX(sc->stsc_data[i].first, first_min);
+                if (i > 0 && sc->stsc_data[i].first <= sc->stsc_data[i-1].first)
+                    sc->stsc_data[i].first = FFMIN(sc->stsc_data[i-1].first + 1LL, INT_MAX);
+                sc->stsc_data[i].count = FFMAX(sc->stsc_data[i].count, 1);
+                sc->stsc_data[i].id    = FFMAX(sc->stsc_data[i].id, 1);
+                continue;
+            }
+            av_assert0(sc->stsc_data[i+1].first >= 2);
             // We replace this entry by the next valid
             sc->stsc_data[i].first = sc->stsc_data[i+1].first - 1;
             sc->stsc_data[i].count = sc->stsc_data[i+1].count;



More information about the ffmpeg-cvslog mailing list