[FFmpeg-devel] [FFmpeg-cvslog] avformat/matroskadec: Check parents remaining length

Andreas Rheinhardt andreas.rheinhardt at gmail.com
Thu May 9 18:54:00 EEST 2019


Michael Niedermayer:
> On Sun, Feb 17, 2019 at 09:53:03AM +0000, Steve Lhomme wrote:
>> ffmpeg | branch: master | Steve Lhomme <robux4 at ycbcr.xyz> | Wed Feb 13 13:20:45 2019 +0100| [9326117bf63b04a466d9e787224e56ba8cdbb215] | committer: Michael Niedermayer
>>
>> avformat/matroskadec: Check parents remaining length
>>
>> This was found through the Hacker One program on VLC but is not a security issue in libavformat
>> Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
>>
>>> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=9326117bf63b04a466d9e787224e56ba8cdbb215
>> ---
>>
>>  libavformat/matroskadec.c | 12 ++++++++++++
>>  1 file changed, 12 insertions(+)
> 
> this detects an issue in ffmpeg generated mkv:
> 
> ./ffmpeg -f lavfi -i color=black -pix_fmt yuv422p10le -bitexact -vframes 1 -c:v ffv1 -level 3 -y fff.mkv && ./ffmpeg -i fff.mkv -f null -
> 
> [matroska,webm @ 0x35e9040] Invalid length 0x17 > 0x9b0 in parent
> 
This is a known bug introduced by that commit; the error message is
harmless, but bogus. I have already sent a patchset [1] to fix this
very issue (and some other stuff I found while reading the Matroska
demuxer's code). You even replied to it and you merged one of the
commits (which changed the error message a bit, but did not prevent
the bogus error).

Said patchset was in turn reviewed by Steve Lhomme in April. I am
nearly done with incorporating his review into an updated patchset.
You can already take a look if you want: [2]. It fixes this error
message (among other things).

- Andreas

[1]: https://ffmpeg.org/pipermail/ffmpeg-devel/2019-March/240806.html
is the original mail, explaining the reason for the error.
https://ffmpeg.org/pipermail/ffmpeg-devel/2019-March/241694.html is
the link to the first version including a (now outdated) patch to fix
this.
[2]: https://github.com/mkver/FFmpeg/commits/matroska_demuxer_8
"Redo level handling" is the commit that fixes the error message.


More information about the ffmpeg-devel mailing list