Opened 9 years ago
Closed 9 years ago
#4456 closed defect (invalid)
unsafe use of avio_r*() functions could cause demuxers into wrong state
| Reported by: | bbcallen | Owned by: | |
|---|---|---|---|
| Priority: | normal | Component: | avformat |
| Version: | git-master | Keywords: | |
| Cc: | Blocked By: | ||
| Blocking: | Reproduced by developer: | no | |
| Analyzed by developer: | no |
Description
Many demuxers are parsing frames by using
avio_r*() functions without checking EOF/error
Take libavformat/flvdec.c as an example:
(Line 903):
// 1. return 0 for EOF/Error
// 2. mark s->eof_reached to 1, so far, so good.
size = avio_rb32(s->pb);
// 1. make a successful seek to the wrong place
// 2. reset s->eof_reached to 0
avio_seek(s->pb, fsize - 3 - size, SEEK_SET);
// continue to read at wrong place.
if (size == avio_rb24(s->pb) + 11) {
...
Change History (4)
comment:1 by , 9 years ago
| Component: | undetermined → avformat |
|---|---|
| Version: | unspecified → git-master |
comment:2 by , 9 years ago
comment:3 by , 9 years ago
Thanks for your advise.
Actually, too many 'errors' in different demuxers to fix them once and for all. At least, flv and mov in my situation.
I'll submit a patch to ffmpeg-devel as a basis of discuss.
comment:4 by , 9 years ago
| Resolution: | → invalid |
|---|---|
| Status: | new → closed |
Iam closing this as its not a specific bug that a human could fix. Aka this is way to broad and generic. Please open separate tickets or submit patches, one per issue if there are issues remaining after your patches
Thanks
Note:
See TracTickets
for help on using tickets.
"Generic" error reports are unlikely to get any attention.
If you think there is an actual error in a demuxer, you should point out which demuxer and ideally a file with which it can be reproduced.