Re: [FFmpeg-devel] [PATCH v3 3/3] aadec: fix seeking in mp3 content

2018-07-07 Thread Karsten Otto

> On 06.07.2018 at 23:32, Michael Niedermayer wrote:
> 
> Signed PGP part
> On Fri, Jul 06, 2018 at 10:49:46AM +0200, Karsten Otto wrote:
>> 
>>> On 04.07.2018 at 23:54, Michael Niedermayer wrote:
>>> 
>>> Signed PGP part
>>> On Wed, Jul 04, 2018 at 09:32:32AM +0200, Karsten Otto wrote:
 
> On 04.07.2018 at 03:26, Michael Niedermayer wrote:
> 
> Signed PGP part
> On Tue, Jul 03, 2018 at 10:25:36PM +0200, Karsten Otto wrote:
>> TL;DR: I will drop patch 3/3, may rather spend some time investigating why
>> "ff ee 47 9d" passes the mp3 header parser. Also, the aa file "index" cannot
>> be used for frame or chapter detection, unfortunately.
>> 
>> More details inline below.
>> 
>>> On 03.07.2018 at 02:32, Michael Niedermayer wrote:
>>> 
>>> Signed PGP part
>>> On Mon, Jul 02, 2018 at 07:21:43PM +0200, Karsten Otto wrote:
 
> On 02.07.2018 at 10:59, Michael Niedermayer wrote:
> 
> Signed PGP part
> On Thu, Jun 21, 2018 at 06:58:26PM +0200, Karsten Otto wrote:
>> MP3 frames may not be aligned to aa chunk boundaries. After seeking,
>> scan for the next valid frame header. Then truncate the packet, and
>> also adjust timestamp information accordingly.
>> ---
>> libavformat/aadec.c | 33 -
>> 1 file changed, 28 insertions(+), 5 deletions(-)
> 
> Please see AVSTREAM_PARSE_TIMESTAMPS
> 
> This codec specific code in demuxers should not be needed
> 
 I tried that before, and you are right that it takes care of timestamp adjustments.
 
 However, after a seek the parsed packet still contains a partial frame before the
 next full one. I had expected libavformat/mpegaudio_parser.c to detect this
 situation and discard the fragment, but unfortunately it does not. Instead it passes
 it unchanged to the codec, which plays it as a pop or even a very ugly BLEEEP -
 painful while wearing headphones!
>>> 
>>> I think you mis-diagnose this at least somewhat
>>> your code searches for a specific mp3 header, the parser and decoder would
>>> accept a wider range of mp3 variants.
>>> But both can choose points that are not mp3 frame starts. (if that is the
>>> problem you are seeing, I am not completely sure it is)
>>> 
>> I took a closer look at what happens when I hear a BLEEP: The packet begins
>> with a partial frame, starting with the byte sequence "ff ee 47 9d". Unfortunately,
>> the mp3 parser indeed accepts this as a valid mp3 header, causing the noise.
>> By looking for the more restricted header, my patch finds the real next frame at
>> offset 78.
>> 
>> BTW: Should this sequence actually pass? AFAIK 01 is not a valid MPEG audio
>> version ID?
>> 
>>> Also is the more restricted header you search for always used or could
>>> this be failing with some files ?
>>> 
>> Good question. So far, all mp3 aa files I tested with matched the format (MPEG 2
>> Layer III at 32 kbps and 22kHz). I doubt there are other variants, but can't be sure.
>> 
>>> Either way, looking at the demuxer a bit deeper, there's a TOC list in the
>>> main header which points to chunks. The one file I found has 12 such chunks
>>> the first represents the whole file I suspect, the next largest the audio
>>> data, another one the metadata.
>>> I guess the remaining 2 large ones could be a cover image and an index.
>> Correct, seems like all aa files have the TOC, but its entries can be in a different
>> order in each file. I guess that's why the original aadec.c implementation just
>> looks for the largest chunk to play.
>> 
>>> I didn't really look at it, but there's a table in there with pairs of 32bit
>>> values. the first in the file I have goes from 0 to 3 the second starts
>>> multiple times from 0 and seems monotonically increasing and staying within
>>> the filesize.
>>> The sample I have does not store mp3 but it looks like this is an index
>>> maybe offsets for packets in each of the 3 chapters.
>>> 
>>> Please look at the data, if it can be used. It would be much better than
>>> scanning the file linearly and searching for some byte sequence to find
>>> packet starts.
>>> 
>> Short answer: Sorry, it is not possible to derive frame offsets nor chapter
>> offsets from the index.
>> 
> 
>> Long answer:
>> All offsets in the index are the same, and matching the "codec_second_size"
>> = crypto chunk size, roughly one second of audio:
>> 

Re: [FFmpeg-devel] [PATCH 3/3] libavcodec/vp8: Do not compute line pointers per pixel in fade()

2018-07-07 Thread Michael Niedermayer
On Sun, Jun 24, 2018 at 04:46:23AM +0200, Michael Niedermayer wrote:
> 72->60 seconds
> Testcase: 
> 8680/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VP7_fuzzer-5861504418054144
> 
> Signed-off-by: Michael Niedermayer 
> ---
>  libavcodec/vp8.c | 6 --
>  1 file changed, 4 insertions(+), 2 deletions(-)

will apply

[...]
-- 
Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

You can kill me, but you cannot change the truth.


___
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-devel


Re: [FFmpeg-devel] [PATCH] tests/fate/demux: Add test for d25c945247979a88fac6bb3b7a26370262b96ef1

2018-07-07 Thread Michael Niedermayer
On Tue, Jun 26, 2018 at 09:53:15PM +0200, Michael Niedermayer wrote:
> Sample provided by Thierry for fate
> 
> Signed-off-by: Michael Niedermayer 
> ---
>  tests/fate/demux.mak  |  3 ++
>  tests/ref/fate/ts-small-demux | 80 +++
>  2 files changed, 83 insertions(+)
>  create mode 100644 tests/ref/fate/ts-small-demux

will apply

[...]
-- 
Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

While the State exists there can be no freedom; when there is freedom there
will be no State. -- Vladimir Lenin




Re: [FFmpeg-devel] [PATCH 2/2] avcodec/vp8_parser: Do not leave data/size uninitialized

2018-07-07 Thread Michael Niedermayer
On Fri, Jul 06, 2018 at 12:34:42PM +0200, Michael Niedermayer wrote:
> This is identical to what the VP9 parser does
> 
> Fixes: 
> 9215/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_LIBVPX_VP8_fuzzer-5768227253649408
> Fixes: out of memory access
> 
> This may also fix oss fuzz issue 9212
> 
> Found-by: continuous fuzzing process 
> https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> Signed-off-by: Michael Niedermayer 
> ---
>  libavcodec/vp8_parser.c | 3 +++
>  1 file changed, 3 insertions(+)

will apply

[...]
-- 
Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

It is what and why we do it that matters, not just one of them.




Re: [FFmpeg-devel] [PATCH 1/2] tools/target_dec_fuzzer: set parser codec id to avoid assertion failure

2018-07-07 Thread Michael Niedermayer
On Fri, Jul 06, 2018 at 12:34:41PM +0200, Michael Niedermayer wrote:
> Signed-off-by: Michael Niedermayer 
> ---
>  tools/target_dec_fuzzer.c | 1 +
>  1 file changed, 1 insertion(+)

will apply

[...]
-- 
Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

I have often repented speaking, but never of holding my tongue.
-- Xenocrates




Re: [FFmpeg-devel] [PATCH 2/2] lavc/hevc_ps: use skip_bits instead of get_bits when skip bits.

2018-07-07 Thread Carl Eugen Hoyos
2018-07-07 7:48 GMT+02:00, Jun Zhao :
> use skip_bits when want to skip some bits.
>
> Signed-off-by: Jun Zhao 
> ---
>  libavcodec/hevc_ps.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/libavcodec/hevc_ps.c b/libavcodec/hevc_ps.c
> index bc5406b..278b928 100644
> --- a/libavcodec/hevc_ps.c
> +++ b/libavcodec/hevc_ps.c
> @@ -1679,7 +1679,7 @@ int ff_hevc_decode_nal_pps(GetBitContext *gb,
> AVCodecContext *avctx,
>
>  if (get_bits1(gb)) { // pps_extension_present_flag
>  int pps_range_extensions_flag = get_bits1(gb);
> -/* int pps_extension_7bits = */ get_bits(gb, 7);
> +skip_bits(gb, 7);
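
Review bot: Replacing the commented `get_bits(gb, 7)` with a bare `skip_bits(gb, 7)` drops the only mention of which syntax element these seven bits are. Keeping the name as a trailing comment, e.g. `skip_bits(gb, 7); // pps_extension_7bits`, would preserve the mapping to the bitstream syntax while still avoiding the discarded read.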

This seems to make the code less readable, no?

Carl Eugen


Re: [FFmpeg-devel] [PATCH] avfilter/setpts: add FR shorthand for FRAME_RATE

2018-07-07 Thread Gyan Doshi


On 07-07-2018 11:03 AM, Gyan Doshi wrote:


Plan to push tonight if no objections.


Pushed as c71e1e60305669c225c696dd99f6db5dc550a56a


[FFmpeg-devel] [PATCH v4 0/3] libavformat/aadec: seek support

2018-07-07 Thread Karsten Otto
A patch series adding seek support to libavformat/aadec.

This fourth version of the series addresses some more comments from the
mailing list:

Patch 2/3 now uses avpriv_set_pts_info(). Otherwise, it is still based on
skipping through the content to collect chapter boundaries. This is not
optimal, but the actual aa "index" is not understood well enough to be usable
at this time.

Patch 3/3 was completely reworked; it does not scan for mp3 headers anymore,
which was unreliable and broke the separation of demuxer and codec. It now
simply predicts the header offset, which works for the majority of tested
audio material, while the effect on rare divergent material is negligible.

Karsten Otto (3):
  aadec: improve eof detection
  aadec: add chapters and seeking
  aadec: improve seeking in mp3 content

 libavformat/aadec.c | 113 
 1 file changed, 106 insertions(+), 7 deletions(-)

-- 
2.14.3 (Apple Git-98)



[FFmpeg-devel] [PATCH v4 1/3] aadec: improve eof detection

2018-07-07 Thread Karsten Otto
Remember the end position of audio content in the file and check it during
read_packet. There always seems to be other data beyond it, which could be
misinterpreted as more audio. Also add some extra avio_read error checks,
to bail early in case of a broken/truncated file.
---
 libavformat/aadec.c | 15 +--
 1 file changed, 13 insertions(+), 2 deletions(-)

diff --git a/libavformat/aadec.c b/libavformat/aadec.c
index 8d39b1d9ba..4db71b1939 100644
--- a/libavformat/aadec.c
+++ b/libavformat/aadec.c
@@ -46,6 +46,7 @@ typedef struct AADemuxContext {
 struct AVTEA *tea_ctx;
 uint8_t file_key[16];
 int64_t current_chapter_size;
+int64_t content_end;
 } AADemuxContext;
 
 static int get_second_size(char *codec_name)
@@ -197,6 +198,7 @@ static int aa_read_header(AVFormatContext *s)
 }
 start = TOC[largest_idx].offset;
 avio_seek(pb, start, SEEK_SET);
+c->content_end = start + largest_size;
 c->current_chapter_size = 0;
 
 return 0;
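
Review bot: `c->content_end = start + largest_size;` in aa_read_header is built from `TOC[largest_idx].offset` and the size chosen with it, and nothing in this hunk bounds the sum by the real file size, so the new end-of-content test trusts whatever the TOC claims. Where the size is known, clamping content_end to avio_size(pb) would keep the check meaningful for damaged files; the return value of the `avio_seek(pb, start, SEEK_SET)` just above is also still ignored.
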
@@ -214,6 +216,11 @@ static int aa_read_packet(AVFormatContext *s, AVPacket 
*pkt)
 int ret;
 AADemuxContext *c = s->priv_data;
 
+// are we at the end of the audio content?
+if (avio_tell(s->pb) >= c->content_end) {
+return AVERROR_EOF;
+}
+
 // are we at the start of a chapter?
 if (c->current_chapter_size == 0) {
 c->current_chapter_size = avio_rb32(s->pb);
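
Review bot: The new end check at the top of aa_read_packet compares only the position on entry; in the lines shown, the chapter size read by `avio_rb32(s->pb)` directly below it is still accepted without comparing it to the bytes left before c->content_end. Bounding current_chapter_size by content_end minus the current position would stop a chapter header from claiming data beyond the audio content. The braces around the single `return AVERROR_EOF;` can also go.
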
@@ -234,7 +241,9 @@ static int aa_read_packet(AVFormatContext *s, AVPacket *pkt)
 // decrypt c->current_codec_second_size bytes
 blocks = c->current_codec_second_size / TEA_BLOCK_SIZE;
 for (i = 0; i < blocks; i++) {
-avio_read(s->pb, src, TEA_BLOCK_SIZE);
+ret = avio_read(s->pb, src, TEA_BLOCK_SIZE);
+if (ret != TEA_BLOCK_SIZE)
+return (ret < 0) ? ret : AVERROR_EOF;
 av_tea_init(c->tea_ctx, c->file_key, 16);
 av_tea_crypt(c->tea_ctx, dst, src, 1, NULL, 1);
 memcpy(buf + written, dst, TEA_BLOCK_SIZE);
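
Review bot: In the block loop, a short read now returns `AVERROR_EOF` even when it happens in the middle of a chunk, which makes a truncated file look like a clean end of stream to the caller. Since the commit message names broken and truncated files as the target, AVERROR_INVALIDDATA (or at least a log line) for a partial block would be more informative. The identical three-line check is repeated for the trailing bytes in the next hunk; a small helper would keep the two in step.
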
@@ -242,7 +251,9 @@ static int aa_read_packet(AVFormatContext *s, AVPacket *pkt)
 }
 trailing_bytes = c->current_codec_second_size % TEA_BLOCK_SIZE;
 if (trailing_bytes != 0) { // trailing bytes are left unencrypted!
-avio_read(s->pb, src, trailing_bytes);
+ret = avio_read(s->pb, src, trailing_bytes);
+if (ret != trailing_bytes)
+return (ret < 0) ? ret : AVERROR_EOF;
 memcpy(buf + written, src, trailing_bytes);
 written = written + trailing_bytes;
 }
-- 
2.14.3 (Apple Git-98)



[FFmpeg-devel] [PATCH v4 3/3] aadec: improve seeking in mp3 content

2018-07-07 Thread Karsten Otto
MP3 frames may not be aligned to aa chunk boundaries. When seeking,
calculate the expected frame offset in the target chunk. Adjust the
timestamp and truncate the next packet accordingly.

This solution works for the majority of tested audio material. For
some rare encodings with mp3 padding or embedded id3 tags, it will
mispredict the correct offset, and at worst skip an extra frame.
---
 libavformat/aadec.c | 15 ---
 1 file changed, 12 insertions(+), 3 deletions(-)

diff --git a/libavformat/aadec.c b/libavformat/aadec.c
index e3c03bc522..2b9e4e526c 100644
--- a/libavformat/aadec.c
+++ b/libavformat/aadec.c
@@ -37,6 +37,7 @@
 #define TEA_BLOCK_SIZE 8
 #define CHAPTER_HEADER_SIZE 8
 #define TIMEPREC 1000
+#define MP3_FRAME_SIZE 104
 
 typedef struct AADemuxContext {
 AVClass *class;
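
Review bot: `#define MP3_FRAME_SIZE 104` is introduced without any comment on where the value comes from. It only holds for unpadded frames of one fixed format (the thread names MPEG 2 Layer III at 32 kbps and 22kHz), so the define should say so, and the commit message's caveat about padding and embedded id3 tags belongs next to it in the code.
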
@@ -50,6 +51,7 @@ typedef struct AADemuxContext {
 int64_t current_chapter_size;
 int64_t content_start;
 int64_t content_end;
+int seek_offset;
 } AADemuxContext;
 
 static int get_second_size(char *codec_name)
@@ -230,6 +232,7 @@ static int aa_read_header(AVFormatContext *s)
 ff_update_cur_dts(s, st, 0);
 avio_seek(pb, start, SEEK_SET);
 c->current_chapter_size = 0;
+c->seek_offset = 0;
 
 return 0;
 }
@@ -295,12 +298,13 @@ static int aa_read_packet(AVFormatContext *s, AVPacket 
*pkt)
 if (c->current_chapter_size <= 0)
 c->current_chapter_size = 0;
 
-ret = av_new_packet(pkt, written);
+ret = av_new_packet(pkt, written - c->seek_offset);
 if (ret < 0)
 return ret;
-memcpy(pkt->data, buf, written);
+memcpy(pkt->data, buf + c->seek_offset, written - c->seek_offset);
 pkt->pos = pos;
 
+c->seek_offset = 0;
 return 0;
 }
 
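
Review bot: `written - c->seek_offset` in aa_read_packet is used as the packet size and as the memcpy length with no check that c->seek_offset is not larger than written. seek_offset can be as large as MP3_FRAME_SIZE - 1, so a short chunk would make the size negative; test for that before av_new_packet() and either skip the chunk or return an error. c->seek_offset is also reset only on the success path, so the early `return ret;` leaves it set for the next call.
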
@@ -344,7 +348,12 @@ static int aa_read_seek(AVFormatContext *s,
 c->current_chapter_size = chapter_size - chapter_pos;
 c->chapter_idx = 1 + chapter_idx;
 
-ff_update_cur_dts(s, s->streams[0], ch->start + chapter_pos * TIMEPREC);
+// handle extra offset for unaligned frames
+if (s->streams[0]->codecpar->codec_id == AV_CODEC_ID_MP3) {
+c->seek_offset = (MP3_FRAME_SIZE - chapter_pos % MP3_FRAME_SIZE) % 
MP3_FRAME_SIZE;
+}
+
+ff_update_cur_dts(s, s->streams[0], ch->start + (chapter_pos + 
c->seek_offset) * TIMEPREC);
 
 return 1;
 }
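
Review bot: The seek_offset computation in aa_read_seek assumes that a frame starts at byte 0 of every chapter and that every frame is exactly MP3_FRAME_SIZE bytes, but the comment `// handle extra offset for unaligned frames` does not say so. Spell out that assumption next to the modulo expression, and drop the braces around the single assignment.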
-- 
2.14.3 (Apple Git-98)



[FFmpeg-devel] [PATCH v4 2/3] aadec: add chapters and seeking

2018-07-07 Thread Karsten Otto
read_packet reads content in chunks. Thus seek must be clamped to valid
chunk positions in the file, which in turn are relative to chapter start
positions.

So in read_header, scan for chapter headers once by skipping through the
content. Set stream time_base based on bitrate in bytes/s, for easy
timestamp to position conversion.

Then in read_seek, find the chapter containing the seek position, calculate
the nearest chunk position, and reinit the read_seek state accordingly.
---
 libavformat/aadec.c | 87 ++---
 1 file changed, 83 insertions(+), 4 deletions(-)

diff --git a/libavformat/aadec.c b/libavformat/aadec.c
index 4db71b1939..e3c03bc522 100644
--- a/libavformat/aadec.c
+++ b/libavformat/aadec.c
@@ -35,6 +35,8 @@
 #define MAX_TOC_ENTRIES 16
 #define MAX_DICTIONARY_ENTRIES 128
 #define TEA_BLOCK_SIZE 8
+#define CHAPTER_HEADER_SIZE 8
+#define TIMEPREC 1000
 
 typedef struct AADemuxContext {
 AVClass *class;
@@ -46,6 +48,7 @@ typedef struct AADemuxContext {
 struct AVTEA *tea_ctx;
 uint8_t file_key[16];
 int64_t current_chapter_size;
+int64_t content_start;
 int64_t content_end;
 } AADemuxContext;
 
@@ -70,7 +73,7 @@ static int aa_read_header(AVFormatContext *s)
 uint32_t nkey, nval, toc_size, npairs, header_seed = 0, start;
 char key[128], val[128], codec_name[64] = {0};
 uint8_t output[24], dst[8], src[8];
-int64_t largest_size = -1, current_size = -1;
+int64_t largest_size = -1, current_size = -1, chapter_pos;
 struct toc_entry {
 uint32_t offset;
 uint32_t size;
@@ -173,19 +176,23 @@ static int aa_read_header(AVFormatContext *s)
 st->codecpar->codec_id = AV_CODEC_ID_MP3;
 st->codecpar->sample_rate = 22050;
 st->need_parsing = AVSTREAM_PARSE_FULL_RAW;
-st->start_time = 0;
+avpriv_set_pts_info(st, 64, 8, 32000 * TIMEPREC);
 } else if (!strcmp(codec_name, "acelp85")) {
 st->codecpar->codec_id = AV_CODEC_ID_SIPR;
 st->codecpar->block_align = 19;
 st->codecpar->channels = 1;
 st->codecpar->sample_rate = 8500;
+st->codecpar->bit_rate = 8500;
 st->need_parsing = AVSTREAM_PARSE_FULL_RAW;
+avpriv_set_pts_info(st, 64, 8, 8500 * TIMEPREC);
 } else if (!strcmp(codec_name, "acelp16")) {
 st->codecpar->codec_id = AV_CODEC_ID_SIPR;
 st->codecpar->block_align = 20;
 st->codecpar->channels = 1;
 st->codecpar->sample_rate = 16000;
+st->codecpar->bit_rate = 16000;
 st->need_parsing = AVSTREAM_PARSE_FULL_RAW;
+avpriv_set_pts_info(st, 64, 8, 16000 * TIMEPREC);
 }
 
 /* determine, and jump to audio start offset */
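
Review bot: The mp3 branch gets `avpriv_set_pts_info(st, 64, 8, 32000 * TIMEPREC)` but, in the lines shown, no `bit_rate`, while both acelp branches now set `bit_rate` and repeat the same number in the time base. Set st->codecpar->bit_rate in all three branches and derive the time base from it once after the if/else chain, so the two values cannot drift apart.
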
@@ -198,7 +205,30 @@ static int aa_read_header(AVFormatContext *s)
 }
 start = TOC[largest_idx].offset;
 avio_seek(pb, start, SEEK_SET);
+
+// extract chapter positions. since all formats have constant bit rate, 
use it
+// as time base in bytes/s, for easy stream position <-> timestamp 
conversion
+st->start_time = 0;
+c->content_start = start;
 c->content_end = start + largest_size;
+
+while ((chapter_pos = avio_tell(pb)) >= 0 && chapter_pos < c->content_end) 
{
+int chapter_idx, chapter_size;
+chapter_idx = s->nb_chapters;
+chapter_pos -= start + CHAPTER_HEADER_SIZE * chapter_idx;
+chapter_size = avio_rb32(pb);
+if (chapter_size == 0) break;
+avio_skip(pb, 4);
+avio_skip(pb, chapter_size);
+if (!avpriv_new_chapter(s, chapter_idx, st->time_base,
+chapter_pos * TIMEPREC, (chapter_pos + chapter_size) * TIMEPREC, 
NULL))
+return AVERROR(ENOMEM);
+}
+
+st->duration = (largest_size - CHAPTER_HEADER_SIZE * s->nb_chapters) * 
TIMEPREC;
+
+ff_update_cur_dts(s, st, 0);
+avio_seek(pb, start, SEEK_SET);
 c->current_chapter_size = 0;
 
 return 0;
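
Review bot: In the chapter scan loop, `chapter_size = avio_rb32(pb)` stores a 32-bit value read from the file in an `int`, and only `== 0` is rejected before it is passed to `avio_skip(pb, chapter_size)`. A value with the top bit set becomes negative, and a size larger than the remaining content is accepted as well; reject `chapter_size <= 0` and anything that would end past c->content_end, and stop the loop on avio_feof(pb).
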
@@ -215,9 +245,10 @@ static int aa_read_packet(AVFormatContext *s, AVPacket 
*pkt)
 int written = 0;
 int ret;
 AADemuxContext *c = s->priv_data;
+uint64_t pos = avio_tell(s->pb);
 
 // are we at the end of the audio content?
-if (avio_tell(s->pb) >= c->content_end) {
+if (pos >= c->content_end) {
 return AVERROR_EOF;
 }
 
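
Review bot: `uint64_t pos = avio_tell(s->pb);` at the top of aa_read_packet turns a negative error return into a huge position, and the comparison with the int64_t c->content_end then happens in unsigned arithmetic. Declare pos as int64_t, which is also the type of pkt->pos, and handle `pos < 0` explicitly.
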
@@ -230,6 +261,7 @@ static int aa_read_packet(AVFormatContext *s, AVPacket *pkt)
 av_log(s, AV_LOG_DEBUG, "Chapter %d (%" PRId64 " bytes)\n", 
c->chapter_idx, c->current_chapter_size);
 c->chapter_idx = c->chapter_idx + 1;
 avio_skip(s->pb, 4); // data start offset
+pos += 8;
 c->current_codec_second_size = c->codec_second_size;
 }
 
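
Review bot: `pos += 8;` after the chapter header is read hard-codes the value that this same patch introduces as CHAPTER_HEADER_SIZE. Use the define so the position bookkeeping follows the header size.
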
@@ -267,10 +299,56 @@ static int aa_read_packet(AVFormatContext *s, AVPacket 
*pkt)
 if (ret < 0)
 return ret;
 memcpy(pkt->data, buf, written);
+pkt->pos = pos;
 
 return 0;
 }
 
+static int aa_read_seek(AVFormatContext *s,
+int stream_index, int64_t timestamp, int flags)
+{
+

[FFmpeg-devel] [PATCH] libavcodec/mpegaudiodecheader.c : prevent reserved id misinterpretation

2018-07-07 Thread Karsten Otto
Check the MPEG version ID for the reserved bit pattern 01, and abort header
parsing in that case. This reduces the chance of misinterpreting arbitrary
data as a valid frame start, and prevents the resulting audio artifacts.
---
 libavcodec/mpegaudiodecheader.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/libavcodec/mpegaudiodecheader.c b/libavcodec/mpegaudiodecheader.c
index 6cc79f18b5..23029f186a 100644
--- a/libavcodec/mpegaudiodecheader.c
+++ b/libavcodec/mpegaudiodecheader.c
@@ -46,10 +46,11 @@ int avpriv_mpegaudio_decode_header(MPADecodeHeader *s, 
uint32_t header)
 if (header & (1<<20)) {
 s->lsf = (header & (1<<19)) ? 0 : 1;
 mpeg25 = 0;
-} else {
+} else if (!(header & (1<<19))) {
 s->lsf = 1;
 mpeg25 = 1;
-}
+} else
+return -1; // reserved id
 
 s->layer = 4 - ((header >> 17) & 3);
 /* extract frequency */
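
Review bot: The new final `} else` with `return -1; // reserved id` is left unbraced while the two branches before it are braced; brace it for consistency. The version test is now split across `header & (1<<20)` and `header & (1<<19)`; extracting `(header >> 19) & 3` once and switching on it would make the four cases, including the reserved one, readable at a glance.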
-- 
2.14.3 (Apple Git-98)
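
Why "ff ee 47 9d" gets through a header test that ignores the version ID, and where a frame length of 104 bytes comes from, shown as an added example (not FFmpeg code and not part of the patch). The function and constant names are hypothetical, 0xfff340c0 is a constructed header, and the frame-length part goes beyond the reserved-ID check to cover the Layer III length formula.

```c
#include <stdint.h>
#include <stdio.h>

/* Result codes of the hypothetical checker below (names are assumptions). */
enum { MPA_OK = 0, MPA_NO_SYNC = -1, MPA_RESERVED_VERSION = -2,
       MPA_RESERVED_LAYER = -3, MPA_BAD_BITRATE = -4, MPA_BAD_SAMPLERATE = -5 };

/* Field-by-field plausibility test of a 32-bit MPEG audio frame header.
 * strict_version = 0 ignores the version ID; strict_version = 1 rejects
 * the reserved pattern 01 in bits 20..19. */
static int mpa_check_header(uint32_t h, int strict_version)
{
    if ((h & 0xffe00000u) != 0xffe00000u) return MPA_NO_SYNC;   /* 11 sync bits */
    if (strict_version && ((h >> 19) & 3) == 1) return MPA_RESERVED_VERSION;
    if (((h >> 17) & 3) == 0)   return MPA_RESERVED_LAYER;
    if (((h >> 12) & 15) == 15) return MPA_BAD_BITRATE;
    if (((h >> 10) & 3) == 3)   return MPA_BAD_SAMPLERATE;
    return MPA_OK;
}

/* Frame length in bytes of a Layer III header, or 0 when the header is
 * rejected, is not Layer III, or uses the free-format bitrate index 0. */
static int mpa_layer3_frame_size(uint32_t h)
{
    static const int kbps_v1[15] = { 0, 32, 40, 48, 56, 64, 80, 96,
                                     112, 128, 160, 192, 224, 256, 320 };
    static const int kbps_v2[15] = { 0, 8, 16, 24, 32, 40, 48, 56,
                                     64, 80, 96, 112, 128, 144, 160 };
    static const int rate_v1[3]  = { 44100, 48000, 32000 };
    int version, bitrate, rate;

    if (mpa_check_header(h, 1) != MPA_OK || ((h >> 17) & 3) != 1)
        return 0;
    version = (h >> 19) & 3;   /* 3 = MPEG 1, 2 = MPEG 2, 0 = MPEG 2.5 */
    bitrate = (version == 3 ? kbps_v1 : kbps_v2)[(h >> 12) & 15] * 1000;
    /* MPEG 2 halves and MPEG 2.5 quarters the MPEG 1 sample rates */
    rate    = rate_v1[(h >> 10) & 3] >> (version == 3 ? 0 : version == 2 ? 1 : 2);
    if (!bitrate)
        return 0;
    /* bit 9 is the padding bit: one extra byte for Layer III */
    return (version == 3 ? 144 : 72) * bitrate / rate + ((h >> 9) & 1);
}

int main(void)
{
    const uint32_t from_thread = 0xffee479du; /* "ff ee 47 9d" from the discussion */
    const uint32_t constructed = 0xfff340c0u; /* constructed: MPEG 2 Layer III, 32 kbps, 22050 Hz */

    printf("%08x lenient=%d strict=%d\n", (unsigned)from_thread,
           mpa_check_header(from_thread, 0), mpa_check_header(from_thread, 1));
    printf("%08x frame size %d\n", (unsigned)constructed,
           mpa_layer3_frame_size(constructed));
    return 0;
}
```

The same header with the padding bit set is one byte longer, which is the case the v4 3/3 commit message says the fixed-size prediction gets wrong.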



Re: [FFmpeg-devel] [PATCH 2/2] avcodec/mjpegdec: Check for odd progressive RGB

2018-07-07 Thread Michael Niedermayer
On Fri, Jul 06, 2018 at 05:24:30PM +0200, Michael Niedermayer wrote:
> Fixes: out of array access
> Fixes: 
> 9225/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_JPEGLS_fuzzer-5684770334834688
> 
> Found-by: continuous fuzzing process 
> https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> Signed-off-by: Michael Niedermayer 
> ---
>  libavcodec/mjpegdec.c | 4 
>  1 file changed, 4 insertions(+)

will apply

[...]
-- 
Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

The worst form of inequality is to try to make unequal things equal.
-- Aristotle




[FFmpeg-devel] [PATCH] avformat/movenc: Write version 2 of audio atom if channels is not known

2018-07-07 Thread Michael Niedermayer
The version 1 needs the channel count and would divide by 0
Fixes: division by 0
Fixes: fpe_movenc.c_1108_1.ogg
Fixes: fpe_movenc.c_1108_2.ogg
Fixes: fpe_movenc.c_1108_3.wav

Found-by: #CHEN HONGXU# 
Signed-off-by: Michael Niedermayer 
---
 libavformat/movenc.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavformat/movenc.c b/libavformat/movenc.c
index 78291a9adc..804deef10a 100644
--- a/libavformat/movenc.c
+++ b/libavformat/movenc.c
@@ -1022,7 +1022,7 @@ static int mov_write_audio_tag(AVFormatContext *s, 
AVIOContext *pb, MOVMuxContex
 uint32_t tag = track->tag;
 
 if (track->mode == MODE_MOV) {
-if (track->timescale > UINT16_MAX) {
+if (track->timescale > UINT16_MAX || !track->par->channels) {
 if (mov_get_lpcm_flags(track->par->codec_id))
 tag = AV_RL32("lpcm");
 version = 2;
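
Review bot: `!track->par->channels` in mov_write_audio_tag only catches a channel count of exactly zero, and nothing at the condition explains why an unknown channel count selects version 2. Consider `track->par->channels <= 0` and a short comment stating that version 1 needs the channel count and would divide by it, as the commit message says.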
-- 
2.18.0



Re: [FFmpeg-devel] [PATCH] avformat/movenc: Check input sample count

2018-07-07 Thread Michael Niedermayer
On Sat, Jul 07, 2018 at 02:46:35AM +0200, Michael Niedermayer wrote:
> On Fri, Jul 06, 2018 at 02:24:45PM -0700, Baptiste Coudurier wrote:
> > Hi Michael,
> > 
> > On Fri, Jul 6, 2018 at 2:09 PM, Michael Niedermayer 
> > wrote:
> > 
> > > Fixes: division by 0
> > > Fixes: fpe_movenc.c_199_1.wav
> > > Fixes: fpe_movenc.c_199_2.wav
> > > Fixes: fpe_movenc.c_199_3.wav
> > > Fixes: fpe_movenc.c_199_4.wav
> > > Fixes: fpe_movenc.c_199_5.wav
> > > Fixes: fpe_movenc.c_199_6.wav
> > > Fixes: fpe_movenc.c_199_7.wav
> > >
> > > Found-by: #CHEN HONGXU# 
> > > Signed-off-by: Michael Niedermayer 
> > > ---
> > >  libavformat/movenc.c | 5 +
> > >  1 file changed, 5 insertions(+)
> > >
> > > diff --git a/libavformat/movenc.c b/libavformat/movenc.c
> > > index fe0a244a8f..78291a9adc 100644
> > > --- a/libavformat/movenc.c
> > > +++ b/libavformat/movenc.c
> > > @@ -5269,6 +5269,11 @@ int ff_mov_write_packet(AVFormatContext *s,
> > > AVPacket *pkt)
> > >  else
> > >  samples_in_chunk = 1;
> > >
> > > +if (samples_in_chunk < 1) {
> > > +av_log(s, AV_LOG_ERROR, "fatal error, input packet contains no
> > > samples\n");
> > > +return AVERROR_PATCHWELCOME;
> > > +}
> > > +
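
Review bot: `return AVERROR_PATCHWELCOME;` for `samples_in_chunk < 1` in ff_mov_write_packet reports bad input as a missing feature. The log text itself calls this a fatal error caused by a packet with no samples, which fits AVERROR(EINVAL) or AVERROR_INVALIDDATA better.
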
> > 
> > 
> > Since "samples_in_chunk" is set to 1 just above, maybe the check can be
> > moved earlier ?
> 
> the code before the else contains a few else if()
> from a quick look it seems plausible that multiple could reach 
> samples_in_chunk=0

will apply

thx

[...]

-- 
Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

I do not agree with what you have to say, but I'll defend to the death your
right to say it. -- Voltaire

