[FFmpeg-trac] #4456(undetermined:new): unsafe use of avio_r*() functions could cause demuxers into wrong state
FFmpeg
trac at avcodec.org
Wed Apr 8 12:34:27 CEST 2015
#4456: unsafe use of avio_r*() functions could cause demuxers into wrong state
-------------------------------------+-------------------------------------
 Reporter:   bbcallen                | Type:      defect
 Status:     new                     | Priority:  normal
 Component:  undetermined            | Version:   unspecified
 Keywords:                           | Blocked By:
 Blocking:                           | Reproduced by developer:  0
 Analyzed by developer:  0           |
-------------------------------------+-------------------------------------
Many demuxers are parsing frames by using avio_r*() functions without checking EOF/error.

Take libavformat/flvdec.c as an example (line 903):
{{{
// 1. return 0 for EOF/Error
// 2. mark s->eof_reached to 1, so far, so good.
size = avio_rb32(s->pb);
// 1. make a successful seek to the wrong place
// 2. reset s->eof_reached to 0
avio_seek(s->pb, fsize - 3 - size, SEEK_SET);
// continue to read at wrong place.
if (size == avio_rb24(s->pb) + 11) {
...
}}}
--
Ticket URL: <https://trac.ffmpeg.org/ticket/4456>
FFmpeg <https://ffmpeg.org>
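
A self-contained model of the read/seek/read pattern this ticket reports, added here as an example; it is not code from FFmpeg or from the reporter. `MiniIO`, `mini_rb`, `mini_seek`, the `fail_reads` fault counter and `SAMPLE` are constructed for illustration, and the caller is assumed to have positioned the context on the 4-byte size field at the end of the buffer.

```c
#include <stddef.h>
#include <stdint.h>
/* Toy in-memory I/O context (hypothetical, not FFmpeg's AVIOContext). */
typedef struct {
    const uint8_t *buf;
    size_t size, pos;
    int fail_reads;   /* constructed fault: the next N reads fail */
    int eof_reached;
} MiniIO;

/* Constructed sample: one 12-byte FLV tag, then its 32-bit size field. */
static const uint8_t SAMPLE[16] = {9, 0,0,1, 0,0,0,0, 0,0,0, 0xAA, 0,0,0,12};

/* As the ticket describes avio_r*(): failure returns 0, sets eof_reached. */
static uint32_t mini_rb(MiniIO *io, size_t n) {
    uint32_t v = 0;
    if (io->fail_reads > 0 || io->size - io->pos < n) {
        if (io->fail_reads > 0) io->fail_reads--;
        io->eof_reached = 1;
        return 0;
    }
    while (n--) v = (v << 8) | io->buf[io->pos++];
    return v;
}

/* As the ticket describes avio_seek(): success resets eof_reached. */
static int mini_seek(MiniIO *io, size_t pos) {
    if (pos > io->size) return -1;
    io->pos = pos;
    io->eof_reached = 0;
    return 0;
}

/* Unchecked pattern from the ticket: the failure flag is lost at the seek. */
static int trailer_unchecked(MiniIO *io) {
    uint32_t size = mini_rb(io, 4);
    mini_seek(io, io->size - 3 - size);
    return size == mini_rb(io, 3) + 11;
}

/* Checked variant: test the flag before the value steers the seek. */
static int trailer_checked(MiniIO *io) {
    uint32_t size = mini_rb(io, 4), len;
    if (io->eof_reached || io->size < 3 || size > io->size - 3) return -1;
    if (mini_seek(io, io->size - 3 - size) < 0) return -1;
    len = mini_rb(io, 3);
    return io->eof_reached ? -1 : size == len + 11;
}
```

With one injected read failure, `trailer_unchecked` returns 0 with `eof_reached` cleared and the position advanced past bytes read from the wrong offset, so the caller cannot tell an I/O failure from a mismatching trailer; `trailer_checked` returns -1 and leaves the flag set.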