[FFmpeg-trac] #10326(avformat:new): Possibly invalid restriction for CTTS sample_offset field

FFmpeg trac at avcodec.org
Wed Apr 19 15:52:36 EEST 2023 

#10326: Possibly invalid restriction for CTTS sample_offset field
-------------------------------------+-------------------------------------
             Reporter:  Robert       |                     Type:  defect
  Swain                              |
               Status:  new          |                 Priority:  normal
            Component:  avformat     |                  Version:  git-
                                     |  master
             Keywords:               |               Blocked By:
             Blocking:               |  Reproduced by developer:  0
Analyzed by developer:  0            |
-------------------------------------+-------------------------------------
 Summary of the bug:

 libavformat/mov.c logs an error for a CTTS box sample_offset that is, as
 far as I can tell, valid according to the ISO/IEC 14496-12 and Apple
 specifications.

 How to reproduce:

 The check is here:
 https://git.ffmpeg.org/gitweb/ffmpeg.git/blob/refs/heads/master:/libavformat/mov.c#l3322

 {{{
          if (FFNABS(duration) < -(1<<28) && i+2<entries) {
              av_log(c->fc, AV_LOG_WARNING, "CTTS invalid\n");
              av_freep(&sc->ctts_data);
              sc->ctts_count = 0;
              return 0;
          }
 }}}

 A slightly different form of the check was originally introduced as a fix
 for https://trac.ffmpeg.org/ticket/385 with the commit message:

 {{{
 commit 4093220029a4d77f272c491e9299680480a08c00
 Author: Michael Niedermayer <michael at niedermayer.cc>
 Date:   Thu Mar 8 07:10:57 2012 +0100

     mov: Discard invalid CTTS.

     Fixes Ticket385

     Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
 }}}

 There are no comments on the code nor does the commit message nor code
 explain why the check is correct.

 As the Apple specification is publicly and freely available I'll link it
 here:
 https://developer.apple.com/library/archive/documentation/QuickTime/QTFF/QTFFChap2/qtff2.html#//apple_ref/doc/uid/TP40000939-CH204-SW19
 I wasn't able to find anything in that specification nor in ISO/IEC
 14496-12 section 8.6.1.3 about the `sample_offset` having a reduced range
 than the data type of the field.

 The code enforces that the CTTS box `sample_offset` (the `duration`
 variable in the code in mov.c - also, why is it called `duration`?) is
 required to be <= 2^28. Why is this?
-- 
Ticket URL: <https://trac.ffmpeg.org/ticket/10326>
FFmpeg <https://ffmpeg.org>
FFmpeg issue tracker

More information about the FFmpeg-trac mailing list