| Message ID | 20190720131308.1040-1-jamrial@gmail.com |
|---|---|
| State | New |
| Headers | show |
> Am 20.07.2019 um 15:13 schrieb James Almer <jamrial@gmail.com>: > > Should fix ticket #6634 > > Signed-off-by: James Almer <jamrial@gmail.com> > --- > libavformat/aacdec.c | 44 +++++++++++++++++++++++++++++--------------- > 1 file changed, 29 insertions(+), 15 deletions(-) > > diff --git a/libavformat/aacdec.c b/libavformat/aacdec.c > index 8a5450880b..5b00b3f664 100644 > --- a/libavformat/aacdec.c > +++ b/libavformat/aacdec.c > @@ -80,10 +80,31 @@ static int adts_aac_probe(const AVProbeData *p) > return 0; > } > > +static int adts_aac_resync(AVFormatContext *s) > +{ > + uint16_t state; > + > + // skip data until an ADTS frame is found > + state = avio_r8(s->pb); > + while (!avio_feof(s->pb) && avio_tell(s->pb) < s->probesize) { > + state = (state << 8) | avio_r8(s->pb); > + if ((state >> 4) != 0xFFF) > + continue; > + avio_seek(s->pb, -2, SEEK_CUR); > + break; > + } > + if (s->pb->eof_reached) > + return AVERROR_EOF; > + if ((state >> 4) != 0xFFF) > + return AVERROR_INVALIDDATA; > + > + return 0; > +} Given the importance of this fix, splitting it may make sense. Anyway, thank you! Carl Eugen
On 7/20/2019 12:33 PM, Carl Eugen Hoyos wrote: > > > >> Am 20.07.2019 um 15:13 schrieb James Almer <jamrial@gmail.com>: >> >> Should fix ticket #6634 >> >> Signed-off-by: James Almer <jamrial@gmail.com> >> --- >> libavformat/aacdec.c | 44 +++++++++++++++++++++++++++++--------------- >> 1 file changed, 29 insertions(+), 15 deletions(-) >> >> diff --git a/libavformat/aacdec.c b/libavformat/aacdec.c >> index 8a5450880b..5b00b3f664 100644 >> --- a/libavformat/aacdec.c >> +++ b/libavformat/aacdec.c >> @@ -80,10 +80,31 @@ static int adts_aac_probe(const AVProbeData *p) >> return 0; >> } >> >> +static int adts_aac_resync(AVFormatContext *s) >> +{ >> + uint16_t state; >> + >> + // skip data until an ADTS frame is found >> + state = avio_r8(s->pb); >> + while (!avio_feof(s->pb) && avio_tell(s->pb) < s->probesize) { >> + state = (state << 8) | avio_r8(s->pb); >> + if ((state >> 4) != 0xFFF) >> + continue; >> + avio_seek(s->pb, -2, SEEK_CUR); >> + break; >> + } >> + if (s->pb->eof_reached) >> + return AVERROR_EOF; >> + if ((state >> 4) != 0xFFF) >> + return AVERROR_INVALIDDATA; >> + >> + return 0; >> +} > > Given the importance of this fix, splitting it may make sense. > > Anyway, thank you! > > Carl Eugen Will split and push later today. Thanks.
On 7/20/2019 12:41 PM, James Almer wrote: > On 7/20/2019 12:33 PM, Carl Eugen Hoyos wrote: >> >> >> >>> Am 20.07.2019 um 15:13 schrieb James Almer <jamrial@gmail.com>: >>> >>> Should fix ticket #6634 >>> >>> Signed-off-by: James Almer <jamrial@gmail.com> >>> --- >>> libavformat/aacdec.c | 44 +++++++++++++++++++++++++++++--------------- >>> 1 file changed, 29 insertions(+), 15 deletions(-) >>> >>> diff --git a/libavformat/aacdec.c b/libavformat/aacdec.c >>> index 8a5450880b..5b00b3f664 100644 >>> --- a/libavformat/aacdec.c >>> +++ b/libavformat/aacdec.c >>> @@ -80,10 +80,31 @@ static int adts_aac_probe(const AVProbeData *p) >>> return 0; >>> } >>> >>> +static int adts_aac_resync(AVFormatContext *s) >>> +{ >>> + uint16_t state; >>> + >>> + // skip data until an ADTS frame is found >>> + state = avio_r8(s->pb); >>> + while (!avio_feof(s->pb) && avio_tell(s->pb) < s->probesize) { >>> + state = (state << 8) | avio_r8(s->pb); >>> + if ((state >> 4) != 0xFFF) >>> + continue; >>> + avio_seek(s->pb, -2, SEEK_CUR); >>> + break; >>> + } >>> + if (s->pb->eof_reached) >>> + return AVERROR_EOF; >>> + if ((state >> 4) != 0xFFF) >>> + return AVERROR_INVALIDDATA; >>> + >>> + return 0; >>> +} >> >> Given the importance of this fix, splitting it may make sense. >> >> Anyway, thank you! >> >> Carl Eugen > > Will split and push later today. Thanks. Pushed.
diff --git a/libavformat/aacdec.c b/libavformat/aacdec.c index 8a5450880b..5b00b3f664 100644 --- a/libavformat/aacdec.c +++ b/libavformat/aacdec.c @@ -80,10 +80,31 @@ static int adts_aac_probe(const AVProbeData *p) return 0; } +static int adts_aac_resync(AVFormatContext *s) +{ + uint16_t state; + + // skip data until an ADTS frame is found + state = avio_r8(s->pb); + while (!avio_feof(s->pb) && avio_tell(s->pb) < s->probesize) { + state = (state << 8) | avio_r8(s->pb); + if ((state >> 4) != 0xFFF) + continue; + avio_seek(s->pb, -2, SEEK_CUR); + break; + } + if (s->pb->eof_reached) + return AVERROR_EOF; + if ((state >> 4) != 0xFFF) + return AVERROR_INVALIDDATA; + + return 0; +} + static int adts_aac_read_header(AVFormatContext *s) { AVStream *st; - uint16_t state; + int ret; st = avformat_new_stream(s, NULL); if (!st) @@ -101,17 +122,9 @@ static int adts_aac_read_header(AVFormatContext *s) avio_seek(s->pb, cur, SEEK_SET); } - // skip data until the first ADTS frame is found - state = avio_r8(s->pb); - while (!avio_feof(s->pb) && avio_tell(s->pb) < s->probesize) { - state = (state << 8) | avio_r8(s->pb); - if ((state >> 4) != 0xFFF) - continue; - avio_seek(s->pb, -2, SEEK_CUR); - break; - } - if ((state >> 4) != 0xFFF) - return AVERROR_INVALIDDATA; + ret = adts_aac_resync(s); + if (ret < 0) + return ret; // LCM of all possible ADTS sample rates avpriv_set_pts_info(st, 64, 1, 28224000); @@ -177,9 +190,10 @@ retry: } if (!ff_id3v2_match(pkt->data, ID3v2_DEFAULT_MAGIC)) { av_packet_unref(pkt); - return AVERROR_INVALIDDATA; - } - ret = handle_id3(s, pkt); + ret = adts_aac_resync(s); + } else + ret = handle_id3(s, pkt); + if (ret < 0) return ret;
Should fix ticket #6634 Signed-off-by: James Almer <jamrial@gmail.com> --- libavformat/aacdec.c | 44 +++++++++++++++++++++++++++++--------------- 1 file changed, 29 insertions(+), 15 deletions(-)