diff options
| author | Michael Niedermayer <michaelni@gmx.at> | 2014-02-12 16:00:37 +0100 |
|---|---|---|
| committer | Michael Niedermayer <michaelni@gmx.at> | 2014-02-12 16:04:26 +0100 |
| commit | 5634c9518f07b6767894b8a9556a8c8527c207b2 (patch) | |
| tree | 984d11b66eb3dc3a2c9aabd6fbb7059129430c87 | |
| parent | d32926db7f4224305a08510c3adc2a3467b3ab2f (diff) | |
| parent | 0ebb523f072322972ea446616676fff32e9603c6 (diff) | |
| download | ffmpeg-5634c9518f07b6767894b8a9556a8c8527c207b2.tar.gz | |
Merge commit '0ebb523f072322972ea446616676fff32e9603c6'
* commit '0ebb523f072322972ea446616676fff32e9603c6':
asfdec: check ff_get_guid() return values during seeking
Conflicts:
libavformat/asfdec.c
The code that pretends that a truncated index is correct and complete is not merged
as it obviously would cause problems if a really truncated index is encountered
If someone has samples that work better with that hack, please share them / mail me
also the bug this apparently attempts to fix isnt reproducable before this in ffmpeg
Merged-by: Michael Niedermayer <michaelni@gmx.at>
| -rw-r--r-- | libavformat/asfdec.c | 34 |
1 files changed, 22 insertions, 12 deletions
diff --git a/libavformat/asfdec.c b/libavformat/asfdec.c index 1f8b25c910..8d6de4a256 100644 --- a/libavformat/asfdec.c +++ b/libavformat/asfdec.c @@ -1456,30 +1456,30 @@ static int64_t asf_read_pts(AVFormatContext *s, int stream_index, return pts; } -static void asf_build_simple_index(AVFormatContext *s, int stream_index) +static int asf_build_simple_index(AVFormatContext *s, int stream_index) { ff_asf_guid g; ASFContext *asf = s->priv_data; int64_t current_pos = avio_tell(s->pb); + int ret = 0; if(avio_seek(s->pb, asf->data_object_offset + asf->data_object_size, SEEK_SET) < 0) { - asf->index_read= -1; - return; + return AVERROR_INVALIDDATA; } - ff_get_guid(s->pb, &g); + if ((ret = ff_get_guid(s->pb, &g)) < 0) + goto end; /* the data object can be followed by other top-level objects, * skip them until the simple index object is reached */ while (ff_guidcmp(&g, &ff_asf_simple_index_header)) { int64_t gsize = avio_rl64(s->pb); if (gsize < 24 || url_feof(s->pb)) { - avio_seek(s->pb, current_pos, SEEK_SET); - asf->index_read= -1; - return; + goto end; } avio_skip(s->pb, gsize - 24); - ff_get_guid(s->pb, &g); + if ((ret = ff_get_guid(s->pb, &g)) < 0) + goto end; } { @@ -1487,7 +1487,8 @@ static void asf_build_simple_index(AVFormatContext *s, int stream_index) int pct, ict; int i; int64_t av_unused gsize = avio_rl64(s->pb); - ff_get_guid(s->pb, &g); + if ((ret = ff_get_guid(s->pb, &g)) < 0) + goto end; itime = avio_rl64(s->pb); pct = avio_rl32(s->pb); ict = avio_rl32(s->pb); @@ -1510,7 +1511,12 @@ static void asf_build_simple_index(AVFormatContext *s, int stream_index) } asf->index_read = ict > 1; } +end: +// if (url_feof(s->pb)) { +// ret = 0; +// } avio_seek(s->pb, current_pos, SEEK_SET); + return ret; } static int asf_read_seek(AVFormatContext *s, int stream_index, @@ -1518,6 +1524,7 @@ static int asf_read_seek(AVFormatContext *s, int stream_index, { ASFContext *asf = s->priv_data; AVStream *st = s->streams[stream_index]; + int ret = 0; if (s->packet_size <= 0) return -1; @@ -1531,10 +1538,13 @@ static int asf_read_seek(AVFormatContext *s, int stream_index, return ret; } - if (!asf->index_read) - asf_build_simple_index(s, stream_index); + if (!asf->index_read) { + ret = asf_build_simple_index(s, stream_index); + if (ret < 0) + asf->index_read = -1; + } - if ((asf->index_read > 0 && st->index_entries)) { + if (asf->index_read > 0 && st->index_entries) { int index = av_index_search_timestamp(st, pts, flags); if (index >= 0) { /* find the position */ |