On Mon, Jun 15, 2015 at 9:17 PM, Andreas Cadhalpun
<andreas.cadhal...@googlemail.com> wrote:
> The values are written with avio_wl16 and if they don't fit into
> uint16_t, this triggers an av_assert2 in avio_w8.
>
> Signed-off-by: Andreas Cadhalpun <andreas.cadhal...@googlemail.com>
> ---
> libavformat/matroskadec.c | 8 ++++++++
> 1 file changed, 8 insertions(+)
>
> diff --git a/libavformat/matroskadec.c b/libavformat/matroskadec.c
> index 81dd53f..7af03c9 100644
> --- a/libavformat/matroskadec.c
> +++ b/libavformat/matroskadec.c
> @@ -1889,6 +1889,14 @@ static int matroska_parse_tracks(AVFormatContext *s)
> NULL, NULL, NULL, NULL);
> avio_write(&b, "TTA1", 4);
> avio_wl16(&b, 1);
> + if (track->audio.channels > UINT16_MAX ||
> + track->audio.bitdepth > UINT16_MAX) {
> + av_log(matroska->ctx, AV_LOG_ERROR,
> + "Too large audio channel number %"PRIu64
> + " or bitdepth %"PRIu64".\n",
> + track->audio.channels, track->audio.bitdepth);
> + return AVERROR_INVALIDDATA;
> + }
> avio_wl16(&b, track->audio.channels);
> avio_wl16(&b, track->audio.bitdepth);
> if (track->audio.out_samplerate < 0 ||
> track->audio.out_samplerate > INT_MAX)
> --
The commit message could clarify that this is in the TTA extradata
re-construction, because I was briefly confused why a demuxer would
"write" the sample rate.
Additionally, I would vote for using continue and just leaving this
track broken, instead of erroring out of reading entirely and making
reading the entire file impossible.
- Hendrik
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
