[FFmpeg-devel] MOV: fix crash when 'meta' occurs before first 'trak'

Alex Converse alex.converse
Tue Mar 3 19:24:55 CET 2009 

On Tue, Mar 3, 2009 at 2:42 AM, Baptiste Coudurier
<baptiste.coudurier at gmail.com> wrote:
> On 3/2/2009 11:40 PM, Alex Converse wrote:
>> On Tue, Mar 3, 2009 at 2:26 AM, Baptiste Coudurier
>> <baptiste.coudurier at gmail.com> wrote:
>>> Hi Alex,
>>>
>>> On 3/2/2009 9:21 PM, Alex Converse wrote:
>>>> Hi,
>>>>
>>>> $subj.
>>>>
>>>> An example of such a file is 12_metas.mp4 from the Amd. 24 conformance
>>>> streams. [1]
>>>>
>>>> Regards,
>>>> Alex Converse
>>>>
>>>> [1] http://standards.iso.org/ittf/PubliclyAvailableStandards/c046294_ISO_IEC_14496-4_2004_Amd_24_2008_Conformance_Testing.zip
>>>>
>>>>
>>>> ------------------------------------------------------------------------
>>>>
>>>> diff --git a/libavformat/mov.c b/libavformat/mov.c
>>>> index b34326c..c9d5fdc 100644
>>>> --- a/libavformat/mov.c
>>>> +++ b/libavformat/mov.c
>>>> @@ -21,7 +21,8 @@
>>>>
>>>> ?#include <limits.h>
>>>>
>>>> -//#define DEBUG
>>>> +#define DEBUG
>>>> +#undef NDEBUG
>>>>
>>>> ?#include "libavutil/intreadwrite.h"
>>>> ?#include "libavutil/avstring.h"
>>> Forgotten hunk
>>>
>>>> @@ -308,10 +309,12 @@ static int mov_read_dref(MOVContext *c, ByteIOContext *pb, MOVAtom atom)
>>>>
>>>> ?static int mov_read_hdlr(MOVContext *c, ByteIOContext *pb, MOVAtom atom)
>>>> ?{
>>>> - ? ?AVStream *st = c->fc->streams[c->fc->nb_streams-1];
>>>> + ? ?AVStream *st = NULL;
>>>> ? ? ?uint32_t type;
>>>> ? ? ?uint32_t ctype;
>>>>
>>>> + ? ?if (c->fc->nb_streams > 0)
>>>> + ? ? ? ?st = c->fc->streams[c->fc->nb_streams-1];
>>>> ? ? ?get_byte(pb); /* version */
>>>> ? ? ?get_be24(pb); /* flags */
>>>>
>>>> @@ -325,6 +328,7 @@ static int mov_read_hdlr(MOVContext *c, ByteIOContext *pb, MOVAtom atom)
>>>> ? ? ? ? ? ? ?*((char *)&type), ((char *)&type)[1], ((char *)&type)[2], ((char *)&type)[3]);
>>>> ? ? ?if(!ctype)
>>>> ? ? ? ? ?c->isom = 1;
>>>> + ? ?if(st) {
>>>> ? ? ?if ? ? (type == MKTAG('v','i','d','e'))
>>>> ? ? ? ? ?st->codec->codec_type = CODEC_TYPE_VIDEO;
>>>> ? ? ?else if(type == MKTAG('s','o','u','n'))
>>>> @@ -334,6 +338,7 @@ static int mov_read_hdlr(MOVContext *c, ByteIOContext *pb, MOVAtom atom)
>>>> ? ? ?else if(type == MKTAG('s','u','b','p')) {
>>>> ? ? ? ? ?st->codec->codec_type = CODEC_TYPE_SUBTITLE;
>>>> ? ? ?}
>>>> + ? ?}
>>>> ? ? ?get_be32(pb); /* component ?manufacture */
>>>> ? ? ?get_be32(pb); /* component flags */
>>>> ? ? ?get_be32(pb); /* component flags mask */
>>>>
>>> Does
>>>
>>> if (c->fc->nb_streams < 1) // meta before first trak
>>> ? ?return 0;
>>>
>>> work ?
>>>
>>> like in mov_read_extradata ? If so I prefer this.
>>>
>>
>> Yes, that appears to work.
>>
>>
>> ------------------------------------------------------------------------
>>
>> diff --git a/libavformat/mov.c b/libavformat/mov.c
>> index b34326c..88f8003 100644
>> --- a/libavformat/mov.c
>> +++ b/libavformat/mov.c
>> @@ -308,10 +308,15 @@ static int mov_read_dref(MOVContext *c, ByteIOContext *pb, MOVAtom atom)
>>
>> ?static int mov_read_hdlr(MOVContext *c, ByteIOContext *pb, MOVAtom atom)
>> ?{
>> - ? ?AVStream *st = c->fc->streams[c->fc->nb_streams-1];
>> + ? ?AVStream *st;
>> ? ? ?uint32_t type;
>> ? ? ?uint32_t ctype;
>>
>> + ? ?if (c->fc->nb_streams < 1) // meta before first trak
>> + ? ? ? ?return 0;
>> +
>> + ? ?st = c->fc->streams[c->fc->nb_streams-1];
>> +
>> ? ? ?get_byte(pb); /* version */
>> ? ? ?get_be24(pb); /* flags */
>>
>
> Patch ok.
>

Applied.

More information about the ffmpeg-devel mailing list