[FFmpeg-devel] [PATCH] [PATCH]: Fix AVI demuxing when the input is in streaming mode.

Thierry Foucu tfoucu at gmail.com
Thu Mar 28 04:48:41 CET 2013 

On Wed, Mar 27, 2013 at 6:53 PM, Michael Niedermayer <michaelni at gmx.at>wrote:

> On Wed, Mar 27, 2013 at 05:47:03PM -0700, Thierry Foucu wrote:
> > ---
> >  libavformat/avidec.c | 10 +++++++---
> >  1 file changed, 7 insertions(+), 3 deletions(-)
> >
> > diff --git a/libavformat/avidec.c b/libavformat/avidec.c
> > index f6eb71e..121033f 100644
> > --- a/libavformat/avidec.c
> > +++ b/libavformat/avidec.c
> > @@ -374,9 +374,13 @@ static int avi_read_header(AVFormatContext *s)
> >
> >      av_log(avi, AV_LOG_DEBUG, "use odml:%d\n", avi->use_odml);
> >
> > -    avi->io_fsize = avi->fsize = avio_size(pb);
> > -    if(avi->fsize<=0 || avi->fsize < avi->riff_end)
> > -        avi->fsize= avi->riff_end == 8 ? INT64_MAX : avi->riff_end;
> > +    if (pb->seekable) {
> > +        avi->io_fsize = avi->fsize = avio_size(pb);
> > +        if(avi->fsize<=0 || avi->fsize < avi->riff_end)
> > +            avi->fsize= avi->riff_end == 8 ? INT64_MAX : avi->riff_end;
> > +    } else {
> > +        avi->fsize = avi->riff_end = INT64_MAX;
> > +    }
>
> This looks a bit odd, i thought this code already handled non seekable
> cases correctly.
> The only issue i can see is that fsize is possibly missing an
> update in case of multiple riff chunks or frames going beyond the
> riff_end.
> setting fsize & riff_end to INT64_MAX would remove one way of limiting
> packet sizes and malloc sizes possibly resulting in huge memory
> allocations and reading to EOF on damaged files.
>
> How can i reproduce the issue this fixes ?
>


You need to have a AVI file grater than 1GB byte and using a pipe as input
to ffmpeg.

here are the step we used to reproduce the problem:

1- create a large AVI file. This should create a file of 7s video of 1.7GB
size

 ffmpeg -lavfi -i mandelbrot=s=1920x1080:r=30 -t 7 -y -vcodec rawvideo
/tmp/video.avi

2- create a fifo and cat the file to it

mkfifo video; cat /tmp/video.avi > video &

3- using ffprobe on the fifo

ffprobe -show_packets -print_format compact -i video

The last video frame showing by ffprobe will be
packet|codec_type=video|stream_index=0|pts=129|pts_time=4.300000|dts=129|dts_time=4.300000|duration=1|duration_time=0.033333|convergence_duration=N/A|convergence_duration_time=N/A|size=8294400|pos=1069984390|flags=K

note the pts is 4.3 second and ffprobe continue to parse the file, but does
not output any more information.

now, if you use ffprobe on the file directly, the last entry is:

packet|codec_type=video|stream_index=0|pts=209|pts_time=6.966667|dts=209|dts_time=6.966667|duration=1|duration_time=0.033333|convergence_duration=N/A|convergence_duration_time=N/A|size=8294400|pos=1733540214|flags=

packet|codec_type=video|stream_index=0|pts=209|pts_time=6.966667|dts=209|dts_time=6.966667|duration=1|duration_time=0.033333|convergence_duration=N/A|convergence_duration_time=N/A|size=8294400|pos=1733540214|flags=K

packet|codec_type=video|stream_index=0|pts=129|pts_time=4.300000|dts=129|dts_time=4.300000|duration=1|duration_time=0.033333|convergence_duration=N/A|convergence_duration_time=N/A|size=8294400|pos=1069984390|flags=K
[2]+  Done



>
> [...]
> --
> Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB
>
> While the State exists there can be no freedom; when there is freedom there
> will be no State. -- Vladimir Lenin
>
> _______________________________________________
> ffmpeg-devel mailing list
> ffmpeg-devel at ffmpeg.org
> http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
>
>

More information about the ffmpeg-devel mailing list