On Mon, Jul 31, 2017 at 04:42:20PM -0700, Dale Curtis wrote: > I'm not convinced my original patch catches all cases. So here's an updated > one which explicitly verifies the contract. > > - dale > > On Mon, Jul 31, 2017 at 2:40 PM, Dale Curtis <dalecur...@chromium.org> > wrote: > > > [mov] Bail when invalid sample data is present. > > > > ctts data in ffmpeg relies on the index entries array to be 1:1 > > with samples... yet sc->sample_count can be read directly from > > the 'stsz' box and index entries are only generated if a chunk > > count has been read from 'stco' box. > > > > Ensure that if sc->sample_count > 0, sc->chunk_count is too. > > > > This should be applied on top of the ctts fixes in my previous patch. > > > >
> mov.c | 8 ++++++-- > 1 file changed, 6 insertions(+), 2 deletions(-) > b9e9d387abfa321d17f117833f0b4a6f04ab6feb sample_count_fix_v2.patch > From 51571dd294350f2ef367fd9391ed4c1e94387947 Mon Sep 17 00:00:00 2001 > From: Dale Curtis <dalecur...@chromium.org> > Date: Mon, 31 Jul 2017 13:44:22 -0700 > Subject: [PATCH] [mov] Bail when invalid sample data is present. > > ctts data in ffmpeg relies on the index entries array to be 1:1 > with samples... yet sc->sample_count can be read directly from > the 'stsz' box and index entries are only generated if a chunk > count has been read from 'stco' box. > > Ensure that if sc->sample_count > 0, sc->chunk_count is too as > a basic sanity check. Additionally we need to check that after > the index is built we have the right number of entries, so we > also check in mov_read_trun() that sc->sample_count == > st->nb_index_entries. > --- > libavformat/mov.c | 8 ++++++-- > 1 file changed, 6 insertions(+), 2 deletions(-) This patch breaks: http://samples.ffmpeg.org/mov/mp4/discont-frag.mp4 [...] -- Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB In a rich man's house there is no place to spit but his face. -- Diogenes of Sinope
signature.asc
Description: Digital signature
_______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
