[FFmpeg-devel] [PATCH] oggparsevorbis: protection from rotten oggs
David Conrad
lessen42
Sat Aug 7 23:14:13 CEST 2010
On Aug 7, 2010, at 4:02 PM, Alex Converse wrote:
> The patch adds some sanity checks for requirements of a valid Vorbis I
> stream from 4.2.1 and 4.2.2 to oggparsevorbis.c.
> Index: libavformat/oggparsevorbis.c
> ===================================================================
> --- libavformat/oggparsevorbis.c (revision 24726)
> +++ libavformat/oggparsevorbis.c (working copy)
> @@ -206,6 +206,12 @@
> return -1;
>
> priv = os->private;
> +
> + if (priv->packet[pkt_type>>1])
> + return -1;
> + if (pkt_type > 1 && !priv->packet[0] || pkt_type > 3 && !priv->packet[1])
> + return -1;
> +
> priv->len[pkt_type >> 1] = os->psize;
> priv->packet[pkt_type >> 1] = av_mallocz(os->psize);
> memcpy(priv->packet[pkt_type >> 1], os->buf + os->pstart, os->psize);
OK
> @@ -220,7 +226,11 @@
> return -1;
>
> st->codec->channels = bytestream_get_byte(&p);
> + if (!st->codec->channels)
> + return -1;
> st->codec->sample_rate = bytestream_get_le32(&p);
> + if (st->codec->sample_rate <= 0)
> + return -1;
> p += 4; // skip maximum bitrate
> st->codec->bit_rate = bytestream_get_le32(&p); // nominal bitrate
> p += 4; // skip minimum bitrate
I'm sure there are other containers/codecs that don't check these for nonzero and/or positive, there isn't a check in utils.c or similar?
More information about the ffmpeg-devel
mailing list