Re: [FFmpeg-devel] [PATCH] mpegts.c: pat_cb(): ensure all PIDs are valid

Fri, 22 Nov 2024 11:57:19 -0800 


On Fri, 15 Nov 2024, Scott Theisen wrote:


originally from:
https://github.com/MythTV/mythtv/commit/a1d4d112c3f962a85ddd6248592421171fc8331c
referencing:
https://code.mythtv.org/trac/ticket/1887

ISO/IEC 13818-1:2021 specifies a valid range of [0x0010, 0x1FFE] in
§ 2.4.4.6 Semantic definition of fields in program association section
and Table 2-3 – PID table
---
libavformat/mpegts.c | 6 ++++++
1 file changed, 6 insertions(+)

diff --git a/libavformat/mpegts.c b/libavformat/mpegts.c
index 78ab7f7efe..6d5dc3050b 100644
--- a/libavformat/mpegts.c
+++ b/libavformat/mpegts.c
@@ -2580,6 +2580,12 @@ static void pat_cb(MpegTSFilter *filter, const uint8_t 
*section, int section_len
            break;

        av_log(ts->stream, AV_LOG_TRACE, "sid=0x%x pid=0x%x\n", sid, pmt_pid);
+        if (pmt_pid <= 0x000F || pmt_pid >= 0x1FFF)
+        {
+            av_log(ts->stream, AV_LOG_ERROR, "Invalid PAT ignored "
+                   "MPEG Program Number=0x%x pid=0x%x\n", sid, pmt_pid);
+            return;
+        }



Strictly speaking this is no longer needed, because the crash which is 
fixed by this is already fixed by the check above:


        if (pmt_pid == ts->current_pid)
            break;


Nevertheless, I am not against a more restrictive check for pids, so 
maybe extending the current check with this:


if (pmt_pid == ts->current_pid || pmt_pid <= 0x000F || pmt_pid >= 0x1FFF)


would be better. If you want to report an error however, maybe you should 
use av_log_once() to not spam the user about the same issue for every 
PAT packet?



Also you might consider using continue instead of return, after all there 
is a specific entry in the PAT which is bogus, maybe we should simply 
ignore only that entry.


Thanks,
Marton




        if (sid == 0x0000) {
            /* NIT info */
--
2.43.0

_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".

_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".






















					Reply via email to