[FFmpeg-devel] [PATCH 01/12] avformat/mxfdec: store next_klv in KLVPacket
Marton Balint
cus at passwd.hu
Sun Jun 10 13:36:39 EEST 2018
Signed-off-by: Marton Balint <cus at passwd.hu>
---
libavformat/mxf.h | 1 +
libavformat/mxfdec.c | 13 ++++++++-----
2 files changed, 9 insertions(+), 5 deletions(-)
diff --git a/libavformat/mxf.h b/libavformat/mxf.h
index 19f8d8a9f5..93bc2cd075 100644
--- a/libavformat/mxf.h
+++ b/libavformat/mxf.h
@@ -62,6 +62,7 @@ typedef struct KLVPacket {
UID key;
int64_t offset;
uint64_t length;
+ int64_t next_klv;
} KLVPacket;
typedef struct MXFCodecUL {
diff --git a/libavformat/mxfdec.c b/libavformat/mxfdec.c
index b3d3e237c0..a5c5fb3b8a 100644
--- a/libavformat/mxfdec.c
+++ b/libavformat/mxfdec.c
@@ -392,7 +392,7 @@ static int mxf_read_sync(AVIOContext *pb, const uint8_t *key, unsigned size)
static int klv_read_packet(KLVPacket *klv, AVIOContext *pb)
{
- int64_t length;
+ int64_t length, pos;
if (!mxf_read_sync(pb, mxf_klv_key, 4))
return AVERROR_INVALIDDATA;
klv->offset = avio_tell(pb) - 4;
@@ -402,6 +402,10 @@ static int klv_read_packet(KLVPacket *klv, AVIOContext *pb)
if (length < 0)
return length;
klv->length = length;
+ pos = avio_tell(pb);
+ if (pos > INT64_MAX - length)
+ return AVERROR_INVALIDDATA;
+ klv->next_klv = pos + length;
return 0;
}
@@ -3264,7 +3268,7 @@ static int mxf_read_packet_old(AVFormatContext *s, AVPacket *pkt)
IS_KLV_KEY(klv.key, mxf_avid_essence_element_key)) {
int body_sid = find_body_sid_by_offset(mxf, klv.offset);
int index = mxf_get_stream_index(s, &klv, body_sid);
- int64_t next_ofs, next_klv;
+ int64_t next_ofs;
AVStream *st;
if (index < 0) {
@@ -3279,10 +3283,9 @@ static int mxf_read_packet_old(AVFormatContext *s, AVPacket *pkt)
if (s->streams[index]->discard == AVDISCARD_ALL)
goto skip;
- next_klv = avio_tell(s->pb) + klv.length;
next_ofs = mxf_set_current_edit_unit(mxf, klv.offset);
- if (next_ofs >= 0 && next_klv > next_ofs) {
+ if (next_ofs >= 0 && klv.next_klv > next_ofs) {
/* if this check is hit then it's possible OPAtom was treated as OP1a
* truncate the packet since it's probably very large (>2 GiB is common) */
avpriv_request_sample(s,
@@ -3314,7 +3317,7 @@ static int mxf_read_packet_old(AVFormatContext *s, AVPacket *pkt)
return ret;
/* seek for truncated packets */
- avio_seek(s->pb, next_klv, SEEK_SET);
+ avio_seek(s->pb, klv.next_klv, SEEK_SET);
return 0;
} else
--
2.16.4
More information about the ffmpeg-devel
mailing list