[FFmpeg-devel] [PATCH 3/8] ffmdec: make sure the time base is valid

Michael Niedermayer michaelni at gmx.at
Mon Mar 9 03:59:07 CET 2015 

On Mon, Mar 09, 2015 at 12:03:33AM +0100, Andreas Cadhalpun wrote:
> Hi,
> 
> attached patch fixes assertions in av_rescale_rnd.
> 
> Best regards,
> Andreas

>  ffmdec.c |   11 +++++++++++
>  1 file changed, 11 insertions(+)
> 26bb6e42cc4cb5afc9ac83c27152edece8d62943  0003-ffmdec-make-sure-the-time-base-is-valid.patch
> From 8f647fe16693509056483c4d1bc4a57895e9de10 Mon Sep 17 00:00:00 2001
> From: Andreas Cadhalpun <Andreas.Cadhalpun at googlemail.com>
> Date: Sun, 8 Mar 2015 23:12:59 +0100
> Subject: [PATCH 3/8] ffmdec: make sure the time base is valid
> 
> A negative time base can trigger assertions.
> 
> Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun at googlemail.com>
> ---
>  libavformat/ffmdec.c | 11 +++++++++++
>  1 file changed, 11 insertions(+)
> 
> diff --git a/libavformat/ffmdec.c b/libavformat/ffmdec.c
> index af37e74..2459691 100644
> --- a/libavformat/ffmdec.c
> +++ b/libavformat/ffmdec.c
> @@ -331,6 +331,12 @@ static int ffm2_read_header(AVFormatContext *s)
>              }
>              codec->time_base.num = avio_rb32(pb);
>              codec->time_base.den = avio_rb32(pb);
> +            if (codec->time_base.num < 0 || codec->time_base.den <= 0) {
> +                av_log(s, AV_LOG_ERROR, "Invalid time base %d/%d\n",
> +                       codec->time_base.num, codec->time_base.den);
> +                ret = AVERROR_INVALIDDATA;
> +                goto fail;
> +            }
>              codec->width = avio_rb16(pb);
>              codec->height = avio_rb16(pb);
>              codec->gop_size = avio_rb16(pb);
> @@ -503,6 +509,11 @@ static int ffm_read_header(AVFormatContext *s)
>          case AVMEDIA_TYPE_VIDEO:
>              codec->time_base.num = avio_rb32(pb);
>              codec->time_base.den = avio_rb32(pb);
> +            if (codec->time_base.num < 0 || codec->time_base.den <= 0) {
> +                av_log(s, AV_LOG_ERROR, "Invalid time base %d/%d\n",
> +                       codec->time_base.num, codec->time_base.den);
> +                goto fail;
> +            }

is anything using a 0/n timebase ?
if not i would extend this to also disallow 0/n

[..]

-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

DNS cache poisoning attacks, popular search engine, Google internet authority
dont be evil, please
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 181 bytes
Desc: Digital signature
URL: <https://ffmpeg.org/pipermail/ffmpeg-devel/attachments/20150309/9acd83ae/attachment.asc>

More information about the ffmpeg-devel mailing list