On Mon, Oct 15, 2018 at 10:03:59PM +0800, Jun Zhao wrote:
> Case 1:
> Running hexdump -C on SMM0005.rcv gives:
>                      size              skip (size - 4)
>                       |                        |
>                       V                        V
> 00000000  18 00 00 c5 05 00 00 00  4d f1 0a 11 00 e0 01 00
> 00000010  00 d0 02 00 00 0c 00 00  00 88 13 00 00 c0 65 52
>                          ^
>                        |
>                    size + 16
> Case 2:
> The same command on SMM0015.rcv gives:
>                     size
>                       |
>                       V
> 00000000  19 00 00 c5 04 00 00 00  41 f3 80 01 40 02 00 00
> 00000010  d0 02 00 00 0c 00 00 00  00 00 00 10 00 00 00 00
>                       ^
>                     |
>                  size + 16
> 
> There are different RCV file formats for VC-1; vc1test
> only handles case 2 now, and this fix adds support for case 1.
> (Both test clips come from: SMPTE Recommended Practice -
> VC-1 Decoder and Bitstream Conformance.) And I think I got
> an older VC-1 test clip in case 1.
> 
> Reviewed-by: Carl Eugen Hoyos <ceffm...@gmail.com>
> Reviewed-by: Jerome Borsboom <jerome.borsb...@carpalis.nl>
> Reviewed-by: Michael Niedermayer <mich...@niedermayer.cc>
> Signed-off-by: Jun Zhao <jun.z...@intel.com>
> Signed-off-by: Yan, FengX <fengx....@intel.com>
> ---
>  libavformat/vc1test.c |   12 ++++++++++--
>  1 files changed, 10 insertions(+), 2 deletions(-)
> 
> diff --git a/libavformat/vc1test.c b/libavformat/vc1test.c
> index a801f4b..2427660 100644
> --- a/libavformat/vc1test.c
> +++ b/libavformat/vc1test.c
> @@ -34,9 +34,14 @@
>  
>  static int vc1t_probe(AVProbeData *p)
>  {
> +    int size;
> +
>      if (p->buf_size < 24)
>          return 0;
> -    if (p->buf[3] != 0xC5 || AV_RL32(&p->buf[4]) != 4 || 
> AV_RL32(&p->buf[20]) != 0xC)
> +
> +    size = AV_RL32(&p->buf[4]);
> +    if (p->buf[3] != 0xC5 || size < 4 || size+16 > p->buf_size ||
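Review bot: the test size+16 > p->buf_size on the last added line is evaluated in signed int while size comes straight from the file through AV_RL32(&p->buf[4]), so a value close to INT_MAX makes the addition overflow before the comparison can reject it. Because p->buf_size < 24 has already returned 0 above, writing the bound as size > p->buf_size - 16 gives the same limit with no arithmetic on the untrusted value. If the remainder of the condition reads 32 bits at offset size + 16, as the diagrams in the commit message indicate, the bound should also cover those four bytes.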

size + 16 is undefined here as it can overflow the int range


[...]
-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

If you drop bombs on a foreign country and kill a hundred thousand
innocent people, expect your government to call the consequence
"unprovoked inhuman terrorist attacks" and use it to justify dropping
more bombs and killing more people. The technology changed, the idea is old.


_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
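
The overflow-free form of the bounds check raised in the review, as an added example that is not part of the original mail or of FFmpeg's code. The names rl32 and rcv_probe and the "hostile" header are constructed here; reading the 0xC field at size + 16 follows the diagrams in the commit message, and requiring all four bytes of that field inside the buffer is an assumption of this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Little-endian 32-bit read, standing in for FFmpeg's AV_RL32. */
static uint32_t rl32(const uint8_t *b)
{
    return b[0] | (uint32_t)b[1] << 8 | (uint32_t)b[2] << 16 | (uint32_t)b[3] << 24;
}

/* Hypothetical stand-alone probe: 1 if buf looks like an RCV header, else 0. */
static int rcv_probe(const uint8_t *buf, size_t buf_size)
{
    uint32_t size;

    if (buf_size < 24 || buf[3] != 0xC5)
        return 0;
    size = rl32(buf + 4);   /* untrusted value, kept unsigned */
    /* The 0xC field occupies bytes [size + 16, size + 20). buf_size - 20 cannot
     * wrap because buf_size >= 24, so nothing is ever added to size. */
    if (size < 4 || size > buf_size - 20)
        return 0;
    return rl32(buf + 16 + size) == 0xC;
}

/* First 32 bytes of SMM0005.rcv and SMM0015.rcv, from the hexdumps in the mail. */
static const uint8_t case1[32] = {
    0x18, 0x00, 0x00, 0xc5, 0x05, 0x00, 0x00, 0x00, 0x4d, 0xf1, 0x0a, 0x11, 0x00, 0xe0, 0x01, 0x00,
    0x00, 0xd0, 0x02, 0x00, 0x00, 0x0c, 0x00, 0x00, 0x00, 0x88, 0x13, 0x00, 0x00, 0xc0, 0x65, 0x52 };
static const uint8_t case2[32] = {
    0x19, 0x00, 0x00, 0xc5, 0x04, 0x00, 0x00, 0x00, 0x41, 0xf3, 0x80, 0x01, 0x40, 0x02, 0x00, 0x00,
    0xd0, 0x02, 0x00, 0x00, 0x0c, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10, 0x00, 0x00, 0x00, 0x00 };
/* Constructed input: size field 0x7ffffff8, where a signed size + 16 overflows. */
static const uint8_t hostile[32] = {
    0x18, 0x00, 0x00, 0xc5, 0xf8, 0xff, 0xff, 0x7f };

int main(void)
{
    printf("case 1:  %d\n", rcv_probe(case1, sizeof case1));
    printf("case 2:  %d\n", rcv_probe(case2, sizeof case2));
    printf("hostile: %d\n", rcv_probe(hostile, sizeof hostile));
    return 0;
}
```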
