Mercurial > libavformat.hg
diff asf.c @ 1206:e60bf67d9bf8 libavformat
The reader ignores the size of the ASF data object and keeps on
reading even beyond it.
Therefore if the ASF file includes an index object at its end, the
reader will treat the index like data, but of course will fail since
it thinks that the data is corrupted.
When reading an asf file with an index object, ffmpeg will
complain at the end of the file that it read an invalid header.
Patch by Kohn Emil Dan, < emild A cs P technion P ac P il >
Original thead:
Date: Apr 18, 2006 4:11 PM
Subject: [Ffmpeg-devel] Two ASF related bugs and fixes
author | gpoirier |
---|---|
date | Sat, 29 Jul 2006 16:07:19 +0000 |
parents | 6a5e58d2114b |
children | cf88f6719743 |
line wrap: on
line diff
--- a/asf.c Sat Jul 29 15:36:13 2006 +0000 +++ b/asf.c Sat Jul 29 16:07:19 2006 +0000 @@ -327,6 +327,12 @@ pos2 = url_ftell(pb); url_fskip(pb, gsize - (pos2 - pos1 + 24)); } else if (!memcmp(&g, &data_header, sizeof(GUID))) { + asf->data_object_offset = url_ftell(pb); + if (gsize != (uint64_t)-1 && gsize >= 24) { + asf->data_object_size = gsize - 24; + } else { + asf->data_object_size = (uint64_t)-1; + } break; } else if (!memcmp(&g, &comment_header, sizeof(GUID))) { int len1, len2, len3, len4, len5; @@ -552,6 +558,9 @@ /* fail safe */ url_fskip(pb, ret); asf->packet_pos= url_ftell(&s->pb); + if (asf->data_object_size != (uint64_t)-1 && + (asf->packet_pos - asf->data_object_offset >= asf->data_object_size)) + return AVERROR_IO; /* Do not exceed the size of the data object */ ret = asf_get_packet(s); //printf("READ ASF PACKET %d r:%d c:%d\n", ret, asf->packet_size_left, pc++); if (ret < 0 || url_feof(pb))