[FFmpeg-devel] [PATCH] check that incoming data is identified as H.264

Reimar Döffinger Reimar.Doeffinger
Sun Feb 27 14:12:40 CET 2011


On Sat, Feb 26, 2011 at 03:28:16PM -0500, Sean McGovern wrote:
> ---
>  libavcodec/h264_mp4toannexb_bsf.c |    8 +++++++-
>  1 files changed, 7 insertions(+), 1 deletions(-)

This should mention the roundup issue this is related to.

> diff --git a/libavcodec/h264_mp4toannexb_bsf.c b/libavcodec/h264_mp4toannexb_bsf.c
> index d4a7f31..6b5ecb9 100644
> --- a/libavcodec/h264_mp4toannexb_bsf.c
> +++ b/libavcodec/h264_mp4toannexb_bsf.c
> @@ -71,6 +71,12 @@ static int h264_mp4toannexb_filter(AVBitStreamFilterContext *bsfc,
>          return 0;
>      }
>  
> +    /* ensure incoming data is H.264 */
> +    if(avctx->codec_id != CODEC_ID_H264 ||
> +      avctx->codec_tag != AV_RL32("avc1")) {
> +        return AVERROR(EINVAL);
> +    }
> +
>      /* retrieve sps and pps NAL units from extradata */
>      if (!ctx->extradata_parsed) {
>          uint16_t unit_size;
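Review bot: the condition added at the top of h264_mp4toannexb_filter is narrower than its comment "ensure incoming data is H.264": because of the `||`, input whose codec_id is CODEC_ID_H264 but whose codec_tag is anything other than AV_RL32("avc1") also gets AVERROR(EINVAL). Either explain in the comment why the tag is required or test codec_id alone. The check also sits ahead of the `if (!ctx->extradata_parsed)` block, so it is evaluated on every call rather than once. Style: the surrounding code writes `if (` with a space, and the continuation line should align with the first operand.
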
> @@ -114,7 +120,7 @@ static int h264_mp4toannexb_filter(AVBitStreamFilterContext *bsfc,
>                  unit_nb = *extradata++; /* number of pps unit(s) */
>          }
>  
> -        memset(out + total_size, 0, FF_INPUT_BUFFER_PADDING_SIZE);
> +        if(out) memset(out + total_size, 0, FF_INPUT_BUFFER_PADDING_SIZE);
>          av_free(avctx->extradata);
>          avctx->extradata      = out;
>          avctx->extradata_size = total_size;
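Review bot: the new `if(out)` guard on the memset line covers only the padding write; the following lines still free the old avctx->extradata and store out and total_size unconditionally, so a NULL out is installed without any error being reported. If NULL at this point can mean a failed allocation, return an error before the av_free call instead of continuing. Style: write the guard as `if (out)` with the memset on its own line to match the rest of the function.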

And as I remember it, I explained that the first part is just
nonsense whereas the second one is correct (though note that total_size
is 0 when out is NULL, so it is at least only a DoS issue).


