[FFmpeg-devel] [mov] Bail when invalid sample data is present.

Michael Niedermayer michael at niedermayer.cc
Sat Aug 26 04:09:43 EEST 2017


On Fri, Aug 25, 2017 at 11:59:51AM -0700, Dale Curtis wrote:
> On Fri, Aug 25, 2017 at 5:43 AM, Michael Niedermayer <michael at niedermayer.cc> wrote:
> 
> >
> > This patch breaks:
> > http://samples.ffmpeg.org/mov/mp4/discont-frag.mp4
> >
> >
> Hmm, indeed it does. The reason is that we read the sample count from the
> stsz box and then read the trun box. I don't think this block of code has
> ever been correct in that case:
> 
> http://git.videolan.org/?p=ffmpeg.git;a=blob;f=libavformat/mov.c;hb=HEAD#l4287
> 
> It shifts all the ctts entries incorrectly and even did so prior to my
> patch. I've uploaded a new version of my fix which simply deletes this
> block of code. It passes all the fate test cases and those we have in
> Chrome. Let me know if it fails any of your private test cases.
> 
> - dale

>  mov.c |   25 +++----------------------
>  1 file changed, 3 insertions(+), 22 deletions(-)
> 526e37d02ef1cc4ab1eed7d4f330ecc2b4bb5e8e  sample_count_fix_v3.patch
> From 049f885ee972b0efb6dcbf456025e56dd627b8b9 Mon Sep 17 00:00:00 2001
> From: Dale Curtis <dalecurtis at chromium.org>
> Date: Mon, 31 Jul 2017 13:44:22 -0700
> Subject: [PATCH] [mov] Bail when invalid sample data is present.
> 
> ctts data in ffmpeg relies on the index entries array to be 1:1
> with samples... yet sc->sample_count can be read directly from
> the 'stsz' box and index entries are only generated if a chunk
> count has been read from 'stco' box.
> 
> Ensure that if sc->sample_count > 0, sc->chunk_count is too as
> a basic sanity check. Additionally we need to check that after
> the index is built we have the right number of entries, so we
> also check in mov_read_trun() that sc->sample_count ==
> st->nb_index_entries.
> ---
>  libavformat/mov.c | 25 +++----------------------
>  1 file changed, 3 insertions(+), 22 deletions(-)

This changes the printed duration, start time and bitrate for
MAV_0034.3G2; see
https://trac.ffmpeg.org/ticket/2757

[...]

-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

Into a blind darkness they enter who follow after the Ignorance,
they as if into a greater darkness enter who devote themselves
to the Knowledge alone. -- Isha Upanishad