[FFmpeg-devel] [PATCH 1/5] asfdec_o: check avio_skip in asf_read_simple_index

Andreas Cadhalpun andreas.cadhalpun at googlemail.com
Fri Jan 15 01:02:23 CET 2016


On 06.01.2016 19:54, Andreas Cadhalpun wrote:
> The loop can be very long, even though the file is very short.
> 
> Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun at googlemail.com>
> ---
>  libavformat/asfdec_o.c | 8 ++++++--
>  1 file changed, 6 insertions(+), 2 deletions(-)
> 
> diff --git a/libavformat/asfdec_o.c b/libavformat/asfdec_o.c
> index 02809bb..bc168d3 100644
> --- a/libavformat/asfdec_o.c
> +++ b/libavformat/asfdec_o.c
> @@ -970,7 +970,7 @@ static int asf_read_simple_index(AVFormatContext *s, const GUIDParseTable *g)
>      uint64_t interval; // index entry time interval in 100 ns units, usually it's 1s
>      uint32_t pkt_num, nb_entries;
>      int32_t prev_pkt_num = -1;
> -    int i;
> +    int i, ret;
>      uint64_t size = avio_rl64(pb);
>  
>      // simple index objects should be ordered by stream number, this loop tries to find
> @@ -992,7 +992,11 @@ static int asf_read_simple_index(AVFormatContext *s, const GUIDParseTable *g)
>      nb_entries = avio_rl32(pb);
>      for (i = 0; i < nb_entries; i++) {
>          pkt_num = avio_rl32(pb);
> -        avio_skip(pb, 2);
> +        ret = avio_skip(pb, 2);
> +        if (ret < 0) {
> +            av_log(s, AV_LOG_ERROR, "Skipping failed in asf_read_simple_index.\n");
> +            return ret;
> +        }
>          if (prev_pkt_num != pkt_num) {
>              av_add_index_entry(st, asf->first_packet_offset + asf->packet_size *
>                                 pkt_num, av_rescale(interval, i, 10000),
> 

Pushed now, as Alexandra (the author over at Libav) seems fine with it.

Best regards,
Andreas


More information about the ffmpeg-devel mailing list