[FFmpeg-devel] MOV: fix crash when 'meta' occurs before first 'trak'
Baptiste Coudurier
baptiste.coudurier
Tue Mar 3 08:42:43 CET 2009
On 3/2/2009 11:40 PM, Alex Converse wrote:
> On Tue, Mar 3, 2009 at 2:26 AM, Baptiste Coudurier
> <baptiste.coudurier at gmail.com> wrote:
>> Hi Alex,
>>
>> On 3/2/2009 9:21 PM, Alex Converse wrote:
>>> Hi,
>>>
>>> $subj.
>>>
>>> An example of such a file is 12_metas.mp4 from the Amd. 24 conformance
>>> streams. [1]
>>>
>>> Regards,
>>> Alex Converse
>>>
>>> [1] http://standards.iso.org/ittf/PubliclyAvailableStandards/c046294_ISO_IEC_14496-4_2004_Amd_24_2008_Conformance_Testing.zip
>>>
>>>
>>> ------------------------------------------------------------------------
>>>
>>> diff --git a/libavformat/mov.c b/libavformat/mov.c
>>> index b34326c..c9d5fdc 100644
>>> --- a/libavformat/mov.c
>>> +++ b/libavformat/mov.c
>>> @@ -21,7 +21,8 @@
>>>
>>> #include <limits.h>
>>>
>>> -//#define DEBUG
>>> +#define DEBUG
>>> +#undef NDEBUG
>>>
>>> #include "libavutil/intreadwrite.h"
>>> #include "libavutil/avstring.h"
>> Forgotten hunk
>>
>>> @@ -308,10 +309,12 @@ static int mov_read_dref(MOVContext *c, ByteIOContext *pb, MOVAtom atom)
>>>
>>> static int mov_read_hdlr(MOVContext *c, ByteIOContext *pb, MOVAtom atom)
>>> {
>>> - AVStream *st = c->fc->streams[c->fc->nb_streams-1];
>>> + AVStream *st = NULL;
>>> uint32_t type;
>>> uint32_t ctype;
>>>
>>> + if (c->fc->nb_streams > 0)
>>> + st = c->fc->streams[c->fc->nb_streams-1];
>>> get_byte(pb); /* version */
>>> get_be24(pb); /* flags */
>>>
>>> @@ -325,6 +328,7 @@ static int mov_read_hdlr(MOVContext *c, ByteIOContext *pb, MOVAtom atom)
>>> *((char *)&type), ((char *)&type)[1], ((char *)&type)[2], ((char *)&type)[3]);
>>> if(!ctype)
>>> c->isom = 1;
>>> + if(st) {
>>> if (type == MKTAG('v','i','d','e'))
>>> st->codec->codec_type = CODEC_TYPE_VIDEO;
>>> else if(type == MKTAG('s','o','u','n'))
>>> @@ -334,6 +338,7 @@ static int mov_read_hdlr(MOVContext *c, ByteIOContext *pb, MOVAtom atom)
>>> else if(type == MKTAG('s','u','b','p')) {
>>> st->codec->codec_type = CODEC_TYPE_SUBTITLE;
>>> }
>>> + }
>>> get_be32(pb); /* component manufacture */
>>> get_be32(pb); /* component flags */
>>> get_be32(pb); /* component flags mask */
>>>
>> Does
>>
>> if (c->fc->nb_streams < 1) // meta before first trak
>> return 0;
>>
>> work ?
>>
>> like in mov_read_extradata ? If so I prefer this.
>>
>
> Yes, that appears to work.
>
>
> ------------------------------------------------------------------------
>
> diff --git a/libavformat/mov.c b/libavformat/mov.c
> index b34326c..88f8003 100644
> --- a/libavformat/mov.c
> +++ b/libavformat/mov.c
> @@ -308,10 +308,15 @@ static int mov_read_dref(MOVContext *c, ByteIOContext *pb, MOVAtom atom)
>
> static int mov_read_hdlr(MOVContext *c, ByteIOContext *pb, MOVAtom atom)
> {
> - AVStream *st = c->fc->streams[c->fc->nb_streams-1];
> + AVStream *st;
> uint32_t type;
> uint32_t ctype;
>
> + if (c->fc->nb_streams < 1) // meta before first trak
> + return 0;
> +
> + st = c->fc->streams[c->fc->nb_streams-1];
> +
> get_byte(pb); /* version */
> get_be24(pb); /* flags */
>
Patch ok.
--
Baptiste COUDURIER GnuPG Key Id: 0x5C1ABAAA
Key fingerprint 8D77134D20CC9220201FC5DB0AC9325C5C1ABAAA
checking for life_signs in -lkenny... no
FFmpeg maintainer http://www.ffmpeg.org
More information about the ffmpeg-devel
mailing list