[FFmpeg-devel] [PATCH 6/9] avformat/wavdec: fix s337m/spdif probing beyond data_end
Carl Eugen Hoyos
ceffmpeg at gmail.com
Mon Jan 13 23:12:02 EET 2020
Am Mo., 13. Jan. 2020 um 15:53 Uhr schrieb Gaullier Nicolas
<nicolas.gaullier at cji.paris>:
>
> >> diff --git a/libavformat/wavdec.c b/libavformat/wavdec.c index
> >> 2796905e1f..ccb9576b84 100644
> >> --- a/libavformat/wavdec.c
> >> +++ b/libavformat/wavdec.c
> >> @@ -78,7 +78,7 @@ static void set_spdif_s337m(AVFormatContext *s, WAVDemuxContext *wav)
> >> ret = AVERROR(ENOMEM);
> >> } else {
> >> int64_t pos = avio_tell(s->pb);
> >> - len = ret = avio_read(s->pb, buf, len);
> >> + len = ret = avio_read(s->pb, buf, FFMIN(len,
> >> + wav->data_end - pos));
> >> if (len >= 0) {
> >> ret = ff_spdif_probe(buf, len, &codec);
> >> if (ret > AVPROBE_SCORE_EXTENSION) {
> >
> >Looks OK. I suppose this fixes a potential SIGSEGV too?
> AVIO would just stop at EOF, I don't think a SIGSEGV could occur in any scenario.
> This fix only affects probing (ie. reading start of file) in a surprising scenario where the data chunk would not extend to the end of the file.
> This is many IF and I find it unlikely, but I think it should be fixed anyway.
Could you elaborate?
I believe the code is fine as-is but maybe I miss something...
Carl Eugen
More information about the ffmpeg-devel
mailing list