Opened 4 years ago
Closed 4 years ago
#4456 closed defect (invalid)
unsafe use of avio_r*() functions could cause demuxers into wrong state
| Reported by: | bbcallen | Owned by: | |
|---|---|---|---|
| Priority: | normal | Component: | avformat |
| Version: | git-master | Keywords: | |
| Cc: | Blocked By: | ||
| Blocking: | Reproduced by developer: | no | |
| Analyzed by developer: | no |
Description
Many demuxers are parsing frames by using
avio_r*() functions without checking EOF/error
Take libavformat/flvdec.c as an example:
(Line 903):
// 1. return 0 for EOF/Error
// 2. mark s->eof_reached to 1, so far, so good.
size = avio_rb32(s->pb);
// 1. make a successful seek to the wrong place
// 2. reset s->eof_reached to 0
avio_seek(s->pb, fsize - 3 - size, SEEK_SET);
// continue to read at wrong place.
if (size == avio_rb24(s->pb) + 11) {
...
Change History (4)
comment:1 Changed 4 years ago by bbcallen
- Component changed from undetermined to avformat
- Version changed from unspecified to git-master
comment:2 Changed 4 years ago by heleppkes
comment:3 Changed 4 years ago by bbcallen
Thanks for your advise.
Actually, too many 'errors' in different demuxers to fix them once and for all. At least, flv and mov in my situation.
I'll submit a patch to ffmpeg-devel as a basis of discuss.
comment:4 Changed 4 years ago by michael
- Resolution set to invalid
- Status changed from new to closed
Iam closing this as its not a specific bug that a human could fix. Aka this is way to broad and generic. Please open separate tickets or submit patches, one per issue if there are issues remaining after your patches
Thanks
Note: See
TracTickets for help on using
tickets.
"Generic" error reports are unlikely to get any attention.
If you think there is an actual error in a demuxer, you should point out which demuxer and ideally a file with which it can be reproduced.