From: Gyan Doshi <ffmpeg@gyani.pro>
To: ffmpeg-devel@ffmpeg.org
Subject: Re: [FFmpeg-devel] [PATCH v2 2/2] avformat/mov: validate box size for stts
Date: Thu, 23 Dec 2021 12:54:58 +0530
Message-ID: <8698638f-6bb2-490a-4984-2ac0b5d66364@gyani.pro> (raw)
In-Reply-To: <20211222213417.GE2829255@pb2>
On 2021-12-23 03:04 am, Michael Niedermayer wrote:
> On Wed, Dec 22, 2021 at 06:17:28PM +0530, Gyan Doshi wrote:
>> ---
>> libavformat/mov.c | 6 ++++++
>> 1 file changed, 6 insertions(+)
>>
>> diff --git a/libavformat/mov.c b/libavformat/mov.c
>> index 7de95b7ab0..1e44c74944 100644
>> --- a/libavformat/mov.c
>> +++ b/libavformat/mov.c
>> @@ -2969,6 +2969,12 @@ static int mov_read_stts(MOVContext *c, AVIOContext *pb, MOVAtom atom)
>> avio_rb24(pb); /* flags */
>> entries = avio_rb32(pb);
>>
>> + if (validate_box_size(c, atom, pb, avio_tell(pb)-8, 8+(int64_t)entries*8, 0)) {
>> + av_log(c->fc, AV_LOG_ERROR, "Invalid or incomplete %s box in stream %d\n",
>> + av_fourcc2str(atom.type), c->fc->nb_streams-1);
>> + return AVERROR_INVALIDDATA;
>> + }
>> +
>> av_log(c->fc, AV_LOG_TRACE, "track[%u].stts.entries = %u\n",
>> c->fc->nb_streams-1, entries);
>>
> this breaks playback of
>
> ./ffplay H263_NM_f.mp4
Sent revised set.
However, do we need to allow this?
The file has multiple invalid boxes. gpac refuses to import it. vlc
using its default mp4 demuxer does not open it, neither does wmp or firefox.
Seems only avformat users can open the file.
Regards,
Gyan
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".
next prev parent reply other threads:[~2021-12-23 7:25 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-12-22 11:30 [FFmpeg-devel] [PATCH 1/2] avformat/mov: add validate_box_size Gyan Doshi
2021-12-22 11:30 ` [FFmpeg-devel] [PATCH 2/2] avformat/mov: validate box size for stts Gyan Doshi
2021-12-22 12:19 ` [FFmpeg-devel] [PATCH 1/2] avformat/mov: add validate_box_size "zhilizhao(赵志立)"
2021-12-22 12:47 ` [FFmpeg-devel] [PATCH v2 " Gyan Doshi
2021-12-22 12:47 ` [FFmpeg-devel] [PATCH v2 2/2] avformat/mov: validate box size for stts Gyan Doshi
2021-12-22 21:34 ` Michael Niedermayer
2021-12-23 7:24 ` Gyan Doshi [this message]
2021-12-23 11:26 ` Michael Niedermayer
2021-12-22 13:13 ` [FFmpeg-devel] [PATCH v2 1/2] avformat/mov: add validate_box_size Nicolas George
2021-12-22 13:33 ` Gyan Doshi
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=8698638f-6bb2-490a-4984-2ac0b5d66364@gyani.pro \
--to=ffmpeg@gyani.pro \
--cc=ffmpeg-devel@ffmpeg.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Git Inbox Mirror of the ffmpeg-devel mailing list - see https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
This inbox may be cloned and mirrored by anyone:
git clone --mirror https://master.gitmailbox.com/ffmpegdev/0 ffmpegdev/git/0.git
# If you have public-inbox 1.1+ installed, you may
# initialize and index your mirror using the following commands:
public-inbox-init -V2 ffmpegdev ffmpegdev/ https://master.gitmailbox.com/ffmpegdev \
ffmpegdev@gitmailbox.com
public-inbox-index ffmpegdev
Example config snippet for mirrors.
AGPL code for this site: git clone https://public-inbox.org/public-inbox.git