[FFmpeg-devel] [PATCH] avformat/rmenc: limit packet size

Michael Niedermayer michaelni at gmx.at
Sun Mar 1 02:35:05 CET 2015 

On Sat, Feb 28, 2015 at 11:40:30PM +0100, Andreas Cadhalpun wrote:
> On 28.02.2015 23:35, Clément Bœsch wrote:
> >On Sat, Feb 28, 2015 at 11:32:59PM +0100, Andreas Cadhalpun wrote:
> >>diff --git a/libavformat/rmenc.c b/libavformat/rmenc.c
> >>index 838388f..1567834 100644
> >>--- a/libavformat/rmenc.c
> >>+++ b/libavformat/rmenc.c
> >>@@ -396,6 +396,10 @@ static int rm_write_video(AVFormatContext *s, const uint8_t *buf, int size, int
> >>      /* Well, I spent some time finding the meaning of these bits. I am
> >>         not sure I understood everything, but it works !! */
> >>  #if 1
> >>+    if (size > 0xFFFF - 7 - 4 - 12) {
> >>+        av_log(s, AV_LOG_ERROR, "paket size %d too large\n", size);
> >>+        return AVERROR(EINVAL);
> >>+    }
> >
> >If anyone applies this, please fix the packet typo.
> 
> Sorry about the typo, fixed patch attached.
> 
> Best regards,
> Andreas
> 

>  rmenc.c |    4 ++++
>  1 file changed, 4 insertions(+)
> ed4818721f356511cf92e876776de9fbb96f05d0  0001-avformat-rmenc-limit-packet-size.patch
> From 4bb0687f07713787f83dcd90214ad32b91c0f91f Mon Sep 17 00:00:00 2001
> From: Andreas Cadhalpun <Andreas.Cadhalpun at googlemail.com>
> Date: Sat, 28 Feb 2015 23:11:50 +0100
> Subject: [PATCH] avformat/rmenc: limit packet size
> 
> The chunk size is limited to 0xFFFF (written by avio_wb16), so make
> sure that the packet size is not too large.
> 
> Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun at googlemail.com>
> ---
>  libavformat/rmenc.c | 4 ++++
>  1 file changed, 4 insertions(+)
> 
> diff --git a/libavformat/rmenc.c b/libavformat/rmenc.c
> index 838388f..9066f75 100644
> --- a/libavformat/rmenc.c
> +++ b/libavformat/rmenc.c
> @@ -396,6 +396,10 @@ static int rm_write_video(AVFormatContext *s, const uint8_t *buf, int size, int
>      /* Well, I spent some time finding the meaning of these bits. I am
>         not sure I understood everything, but it works !! */
>  #if 1
> +    if (size > 0xFFFF - 7 - 4 - 12) {
> +        av_log(s, AV_LOG_ERROR, "packet size %d too large\n", size);
> +        return AVERROR(EINVAL);

I think the rm format is capable to handle larger frames, possibly
as multiple packets possible even as single ones not sure, see rmdec.c

so this would be a AVERROR_PATCHWELCOME
also see https://trac.ffmpeg.org/ticket/244

[...]

-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

You can kill me, but you cannot change the truth.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 181 bytes
Desc: Digital signature
URL: <https://ffmpeg.org/pipermail/ffmpeg-devel/attachments/20150301/0a3192f9/attachment.asc>

More information about the ffmpeg-devel mailing list