[FFmpeg-devel] [PATCH] [PATCH]: Fix AVI demuxing when the input is in streaming mode.
Michael Niedermayer
michaelni at gmx.at
Thu Mar 28 02:53:00 CET 2013
On Wed, Mar 27, 2013 at 05:47:03PM -0700, Thierry Foucu wrote:
> ---
> libavformat/avidec.c | 10 +++++++---
> 1 file changed, 7 insertions(+), 3 deletions(-)
>
> diff --git a/libavformat/avidec.c b/libavformat/avidec.c
> index f6eb71e..121033f 100644
> --- a/libavformat/avidec.c
> +++ b/libavformat/avidec.c
> @@ -374,9 +374,13 @@ static int avi_read_header(AVFormatContext *s)
>
> av_log(avi, AV_LOG_DEBUG, "use odml:%d\n", avi->use_odml);
>
> - avi->io_fsize = avi->fsize = avio_size(pb);
> - if(avi->fsize<=0 || avi->fsize < avi->riff_end)
> - avi->fsize= avi->riff_end == 8 ? INT64_MAX : avi->riff_end;
> + if (pb->seekable) {
> + avi->io_fsize = avi->fsize = avio_size(pb);
> + if(avi->fsize<=0 || avi->fsize < avi->riff_end)
> + avi->fsize= avi->riff_end == 8 ? INT64_MAX : avi->riff_end;
> + } else {
> + avi->fsize = avi->riff_end = INT64_MAX;
> + }
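Review bot: In the else branch, `avi->riff_end` is overwritten with INT64_MAX, which throws away the end offset that the seekable branch still uses as its fallback bound (`avi->riff_end == 8 ? INT64_MAX : avi->riff_end`), and `avi->io_fsize` is no longer assigned at all on the non-seekable path. Suggest leaving riff_end untouched, setting only fsize with the same fallback expression, and giving io_fsize an explicit value in the else branch.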
This looks a bit odd; I thought this code already handled non-seekable
cases correctly.
The only issue I can see is that fsize is possibly missing an
update in case of multiple RIFF chunks or frames going beyond the
riff_end.
Setting fsize & riff_end to INT64_MAX would remove one way of limiting
packet sizes and malloc sizes, possibly resulting in huge memory
allocations and reading to EOF on damaged files.
How can I reproduce the issue this fixes?
[...]
--
Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB
While the State exists there can be no freedom; when there is freedom there
will be no State. -- Vladimir Lenin
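
The concern raised in the reply above, as an added example that is not part of the original message and is not FFmpeg's code: a size check bounded by the container end stops rejecting a damaged 32-bit size field once that end is INT64_MAX, unless a separate cap exists. The function names and the `EXAMPLE_MAX_PACKET` value are assumptions made for this illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical hard cap chosen for this example; not an FFmpeg constant. */
#define EXAMPLE_MAX_PACKET (16 * 1024 * 1024)

/* Accept a chunk of `declared` bytes starting at offset `pos` only if it
 * fits before `container_end`. Returns the size, or -1 to reject. */
static int64_t bounded_chunk_size(uint32_t declared, int64_t pos,
                                  int64_t container_end)
{
    if (pos < 0 || container_end < pos)
        return -1;                          /* inconsistent offsets */
    /* Both operands are non-negative, so the subtraction cannot overflow. */
    if ((int64_t)declared > container_end - pos)
        return -1;                          /* chunk would run past the end */
    return (int64_t)declared;
}

/* Same check plus a cap that does not depend on knowing the end offset. */
static int64_t bounded_chunk_size_capped(uint32_t declared, int64_t pos,
                                         int64_t container_end)
{
    int64_t n = bounded_chunk_size(declared, pos, container_end);
    return n > EXAMPLE_MAX_PACKET ? -1 : n;
}

int main(void)
{
    uint32_t bogus = 0xFFFFFFF0u;           /* constructed damaged size field */
    printf("known end:   %lld\n", (long long)bounded_chunk_size(bogus, 1000, 5000));
    printf("INT64_MAX:   %lld\n", (long long)bounded_chunk_size(bogus, 1000, INT64_MAX));
    printf("with cap:    %lld\n", (long long)bounded_chunk_size_capped(bogus, 1000, INT64_MAX));
    return 0;
}
```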