[FFmpeg-devel] [PATCH] asfdec: division by 0 on missing packet size
Reimar Döffinger
Reimar.Doeffinger
Thu Jul 2 17:43:37 CEST 2009
On Thu, Jul 02, 2009 at 04:19:14PM +0200, Michael Niedermayer wrote:
> On Thu, Jul 02, 2009 at 03:24:30PM +0200, Reimar Döffinger wrote:
> > On Thu, Jul 02, 2009 at 02:55:56PM +0200, Michael Niedermayer wrote:
> > > On Thu, Jul 02, 2009 at 02:35:44PM +0200, Reimar Döffinger wrote:
> > > > Hello,
> > > > AFAICT there is no way to demux ASF without knowing the packet size,
> > > > thus read_header should already fail instead of crashing at read_packet
> > > > when we try to calculate modulo the packet size.
> > >
> > > hmm, the packet size should not be essential for demuxing, have you tried
> > > to hack the % with something silly?
> >
> > Actually demuxing can't work without it, since the ASF file does not have to
> > explicitly code that packet_length, it can instead specify that packet_size
> > should be used, which then breaks the whole code.
>
> yes but, if a file did not use the default packet size it should work, I am not
> at all asking to do anything about files that use the default with it = 0
> my reasoning was just that the default being 0 can't be worse than there being
> an explicit 0, if it causes a crash or such it's a bug either way
If someone has a sample file, fine. Without one it is just adding code
that nobody has any idea if it works or if/when it will crash.
I have tried this hack, while decoding worked fine for _that_ file,
there was a crash or endless loop when seeking, and I have no idea how
it will behave on other files with or without the if (!packet_length)
part.
Index: libavformat/asfdec.c
===================================================================
--- libavformat/asfdec.c (revision 19325)
+++ libavformat/asfdec.c (working copy)
@@ -595,6 +595,9 @@
int rsize = 8;
int c, d, e, off;
+ // if we do not know packet size, allow skipping up to 32 kB
+ off= 32768;
+ if (s->packet_size > 0)
off= (url_ftell(pb) - s->data_offset) % s->packet_size + 3;
c=d=e=-1;
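Review bot: the fallback `off= 32768;` in this hunk is a magic number with no justification beyond the comment; in the `s->packet_size > 0` branch `off` is a position within the current packet plus 3, while the fallback is a flat byte budget, so the two branches mean different things and whatever consumes `off` afterwards cannot tell which it got. Suggest a named constant with a comment on why 32 kB was chosen, and a note that with `packet_size == 0` the demuxer has no way to locate packet boundaries at all, which is consistent with the seek crash/endless loop reported in the message above.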
@@ -629,6 +632,7 @@
DO_2BITS(asf->packet_flags >> 1, padsize, 0); // sequence ignored
DO_2BITS(asf->packet_flags >> 3, padsize, 0); // padding length
+ if (!packet_length) packet_length = 16451;
//the following checks prevent overflows and infinite loops
if(packet_length >= (1U<<29)){
av_log(s, AV_LOG_ERROR, "invalid packet_length %d at:%"PRId64"\n", packet_length, url_ftell(pb));
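Review bot: `if (!packet_length) packet_length = 16451;` substitutes an undocumented magic value. Per the discussion above, a coded length of 0 means the file-level packet size applies, so the fallback should be `packet_length = s->packet_size` (still subject to the `>= (1U<<29)` check that follows), and when `s->packet_size` is itself 0 the file should be rejected in read_header rather than patched up here. At minimum add a comment stating where 16451 comes from.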
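The check argued for at the top of the thread (reject the file at header time when the packet size is 0, instead of reaching the modulus in read_packet) and the resolution of a 0 coded packet length to the file-level packet size, written out as an added C example. This is not asfdec.c code: the function names, return conventions and sample values are assumptions made for the illustration; the 1U<<29 bound mirrors the existing check quoted in the second hunk and the `+ 3` mirrors the offset expression in the first.

```c
#include <errno.h>
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

/* Mirrors the bound already enforced in asfdec.c's read path. */
#define ASF_MAX_PACKET_LENGTH (1U << 29)

/* Header-time check (hypothetical helper, not libavformat API): an ASF file
 * whose packet size is 0 gives the demuxer no way to find packet boundaries,
 * so refuse it here instead of dividing by it later in read_packet. */
int asf_check_packet_size(uint32_t packet_size)
{
    if (packet_size == 0 || packet_size >= ASF_MAX_PACKET_LENGTH)
        return -EINVAL;
    return 0;
}

/* Read-time resync offset: (position - data_offset) % packet_size + 3, the
 * expression from asfdec.c. Returns -1 instead of dividing by zero when the
 * packet size is unknown, or when pos lies before the data section. */
int64_t asf_packet_offset(int64_t pos, int64_t data_offset, uint32_t packet_size)
{
    if (packet_size == 0 || pos < data_offset)
        return -1;
    return (pos - data_offset) % packet_size + 3;
}

/* Per-packet length: ASF may code it as 0 to mean "use the file-level packet
 * size", so a 0 here is only usable if packet_size itself is valid. */
int64_t asf_resolve_packet_length(uint32_t coded_length, uint32_t packet_size)
{
    uint32_t len = coded_length ? coded_length : packet_size;
    if (len == 0 || len >= ASF_MAX_PACKET_LENGTH)
        return -1;
    return len;
}

int main(void)
{
    /* Constructed values, not taken from a real file. */
    const uint32_t sizes[] = { 0, 3200 };
    for (size_t i = 0; i < sizeof(sizes) / sizeof(sizes[0]); i++) {
        int rc = asf_check_packet_size(sizes[i]);
        printf("packet_size=%" PRIu32 ": header check %s\n",
               sizes[i], rc ? "rejects file" : "ok");
        if (rc)
            continue; /* read_header fails here; read_packet is never reached */
        printf("  offset at pos 5000 (data at 1024): %" PRId64 "\n",
               asf_packet_offset(5000, 1024, sizes[i]));
        printf("  coded length 0 resolves to %" PRId64 "\n",
               asf_resolve_packet_length(0, sizes[i]));
    }
    return 0;
}
```

The point of the split is that the only place a 0 packet size can be refused cleanly is the header: once read_packet is running, every fallback is a guess about a file the demuxer cannot actually walk.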