[FFmpeg-devel] [PATCH 2/4] mov: check for positive sample->size

Michael Niedermayer michaelni at gmx.at
Mon May 25 18:31:34 CEST 2015


On Mon, May 25, 2015 at 05:25:18PM +0200, Andreas Cadhalpun wrote:
> On 24.05.2015 19:23, Michael Niedermayer wrote:
> > On Sun, May 24, 2015 at 03:21:25PM +0200, Andreas Cadhalpun wrote:
> >>  mov.c |    5 +++++
> >>  1 file changed, 5 insertions(+)
> >> 199a14800f0d79aa85b8dc01c2c1dc2743c3fb0d  0001-mov-check-for-negative-stsc-count.patch
> >> From 1d66ce9f96ccd4e130837a5e38885109f26bb4f6 Mon Sep 17 00:00:00 2001
> >> From: Andreas Cadhalpun <Andreas.Cadhalpun at googlemail.com>
> >> Date: Sun, 24 May 2015 15:14:23 +0200
> >> Subject: [PATCH] mov: check for negative stsc count
> >>
> >> A negative stsc count can cause the mov demuxer to return a large
> >> number of empty packets.
> > 
> > ISO/IEC 14496-12:2012(E) says the field is unsigned so it cannot be
> > negative
> > 
> > 8.7.4.2   Syntax
> > aligned(8) class SampleToChunkBox
> >     extends FullBox("stsc", version = 0, 0) {
> >     unsigned int(32) entry_count;
> >     for (i=1; i <= entry_count; i++) {
> >         unsigned int(32) first_chunk;
> >         unsigned int(32) samples_per_chunk;
> >         unsigned int(32) sample_description_index;
> >     }
> > }
> 
> OK, but then the types of the members of MOVStsc and likely also MOVStts
> are incorrectly int. The first attached patch changes that.

MOVStts needs to stay signed, it's used for ctts and that is signed
per spec
aligned(8) class CompositionOffsetBox
   extends FullBox("ctts", version = 0, 0) {
   unsigned int(32) entry_count;
      int i;
   if (version==0) {
      for (i=0; i < entry_count; i++) {
         unsigned int(32) sample_count;
         unsigned int(32) sample_offset;
      }
   }
   else if (version == 1) {
      for (i=0; i < entry_count; i++) {
         unsigned int(32) sample_count;
         signed   int(32) sample_offset;
      }
   }
}

also above is just the ISO side, there's also a quicktime spec
that is separate and while similar enough so our demuxer supports both
they are separate file formats
https://developer.apple.com/library/mac/documentation/QuickTime/QTFF/qtff.pdf

[...]

-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

It is what and why we do it that matters, not just one of them.
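
Added example, not part of the original message and not FFmpeg's mov.c: a reader for the ctts payload quoted above that keeps entry_count unsigned, bounds it by the bytes actually present, and interprets sample_offset as unsigned or signed according to the box version. The names rb32, ctts_offset_sum and the byte arrays are hypothetical and the sample boxes are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Read a big-endian 32-bit field, as ISO BMFF boxes store them. */
static uint32_t rb32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* Hypothetical helper: sum sample_offset over a ctts payload laid out as
 * version(1) flags(3) entry_count(4) then 8 bytes per entry.
 * Returns 0 on success, -1 if the payload is malformed. */
static int ctts_offset_sum(const uint8_t *buf, size_t len, int64_t *sum)
{
    if (len < 8 || buf[0] > 1)              /* header present, known version */
        return -1;
    uint8_t  version     = buf[0];
    uint32_t entry_count = rb32(buf + 4);   /* unsigned per the spec */

    /* Bound the declared count by the data that is really there. */
    if (entry_count > (len - 8) / 8)
        return -1;

    *sum = 0;
    for (uint32_t i = 0; i < entry_count; i++) {
        uint32_t raw = rb32(buf + 8 + (size_t)i * 8 + 4);
        /* version 0: unsigned offset; version 1: two's-complement signed */
        *sum += version == 0 ? (int64_t)raw : (int64_t)(int32_t)raw;
    }
    return 0;
}

/* Constructed samples: one entry, sample_count 1, sample_offset 0xFFFFFFFE. */
static const uint8_t ctts_v0[] = { 0,0,0,0, 0,0,0,1, 0,0,0,1, 0xFF,0xFF,0xFF,0xFE };
static const uint8_t ctts_v1[] = { 1,0,0,0, 0,0,0,1, 0,0,0,1, 0xFF,0xFF,0xFF,0xFE };
/* Constructed sample: entry_count 0xFFFFFFFF with no entries following. */
static const uint8_t ctts_bad[] = { 0,0,0,0, 0xFF,0xFF,0xFF,0xFF };

int main(void)
{
    int64_t s0 = 0, s1 = 0, sb = 0;
    ctts_offset_sum(ctts_v0, sizeof ctts_v0, &s0);
    ctts_offset_sum(ctts_v1, sizeof ctts_v1, &s1);
    printf("v0 sum %lld, v1 sum %lld\n", (long long)s0, (long long)s1);
    printf("oversized count rejected: %d\n", ctts_offset_sum(ctts_bad, sizeof ctts_bad, &sb));
    return 0;
}
```

The same 32-bit pattern gives 4294967294 under version 0 and -2 under version 1, and an entry_count of 0xFFFFFFFF stored in an int would read as -1 instead of being rejected by the size bound.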