Patch 03d81a044ad587ea83567f75dc36bc3d64278199 disallowed zero sample sizes, but there are some files in the wild which have zero sized samples (e.g. no audio in some part of a live recording).
Fix this by simply ignoring a trun box with zero sized samples. This approach fixes the original timeout issue from fuzzed files differently.
Signed-off-by: Marton Balint <c...@passwd.hu>
---
 libavformat/mov.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/libavformat/mov.c b/libavformat/mov.c
index 935b2f8d9f..63e0b614df 100644
--- a/libavformat/mov.c
+++ b/libavformat/mov.c
@@ -5121,6 +5121,11 @@ static int mov_read_trun(MOVContext *c, AVIOContext *pb, MOVAtom atom)
 if (flags & MOV_TRUN_DATA_OFFSET) data_offset = avio_rb32(pb);
 if (flags & MOV_TRUN_FIRST_SAMPLE_FLAGS) first_sample_flags = avio_rb32(pb);

+ if (entries && !frag->size && !(flags & MOV_TRUN_SAMPLE_SIZE)) {
+ av_log(c->fc, AV_LOG_WARNING, "Ignoring trun box with zero sized samples\n");
+ entries = 0;
+ }
+
 frag_stream_info = get_current_frag_stream_info(&c->frag_index);
 if (frag_stream_info) {
 if (frag_stream_info->next_trun_dts != AV_NOPTS_VALUE) {
@@ -5293,8 +5298,6 @@ static int mov_read_trun(MOVContext *c, AVIOContext *pb, MOVAtom atom)
 distance++;
 if (av_sat_add64(dts, sample_duration) != dts + (uint64_t)sample_duration)
 return AVERROR_INVALIDDATA;
- if (!sample_size)
- return AVERROR_INVALIDDATA;
 dts += sample_duration;
 offset += sample_size;
 sc->data_size += sample_size;
-- 
2.35.3
_______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
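Review bot: The new guard in the first hunk of mov_read_trun only catches a zero default size (`!frag->size` with MOV_TRUN_SAMPLE_SIZE clear); a trun that sets MOV_TRUN_SAMPLE_SIZE and stores zero in every per-sample size field is not caught, and the second hunk removes the `if (!sample_size) return AVERROR_INVALIDDATA;` check that used to reject it. The description says that check was the fix for a timeout on fuzzed files, so it is worth confirming that the reproducer has no variant with explicit zero sizes, or bounding how many zero-sized entries one trun may add. A comment above the guard, for example `/* default size is 0 and no per-sample sizes: every sample would be empty, so skip the box instead of failing */`, would record why the box is dropped rather than rejected. The function body starts and ends outside both hunks, so how `entries = 0` is handled further down cannot be checked from here.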