[FFmpeg-devel] avformat/ac3dec: always skip junk bytes before sync bytes

Submitted by Paul B Mahol on Nov. 25, 2018, 11:18 a.m.

Details

Message ID 20181125111815.29038-1-onemda@gmail.com
State New

Commit Message

Paul B Mahol Nov. 25, 2018, 11:18 a.m.
Fixes #7278.

Signed-off-by: Paul B Mahol <onemda@gmail.com>
---
 libavcodec/ac3dec.c  | 19 ++++++++++++++++---
 libavformat/ac3dec.c |  2 +-
 2 files changed, 17 insertions(+), 4 deletions(-)

Comments

Michael Niedermayer Nov. 26, 2018, 9:57 p.m.
On Sun, Nov 25, 2018 at 12:18:15PM +0100, Paul B Mahol wrote:
> Fixes #7278.
> 
> Signed-off-by: Paul B Mahol <onemda@gmail.com>
> ---
>  libavcodec/ac3dec.c  | 19 ++++++++++++++++---
>  libavformat/ac3dec.c |  2 +-
>  2 files changed, 17 insertions(+), 4 deletions(-)

this seems to break 
TEST    eac3-5
stddev: 1071.76 PSNR: 35.73 MAXDIFF:11122 bytes:  3858432/  2893824
MAXDIFF: |11122 - 0| >= 1
size: |3858432 - 2893824| >= 0
Test eac3-5 failed. Look at tests/data/fate/eac3-5.err for details.
make: *** [fate-eac3-5] Error 1

[...]


diff --git a/libavcodec/ac3dec.c b/libavcodec/ac3dec.c
index 43b22b7654..90e4dc8a1f 100644
--- a/libavcodec/ac3dec.c
+++ b/libavcodec/ac3dec.c
@@ -1467,7 +1467,7 @@  static int ac3_decode_frame(AVCodecContext * avctx, void *data,
     int buf_size, full_buf_size = avpkt->size;
     AC3DecodeContext *s = avctx->priv_data;
     int blk, ch, err, offset, ret;
-    int got_independent_frame = 0;
+    int skip = 0, got_independent_frame = 0;
     const uint8_t *channel_map;
     uint8_t extended_channel_map[EAC3_MAX_CHANNELS];
     const SHORTFLOAT *output[AC3_MAX_CHANNELS];
@@ -1477,6 +1477,14 @@  static int ac3_decode_frame(AVCodecContext * avctx, void *data,
     s->superframe_size = 0;
 
     buf_size = full_buf_size;
+    while (buf_size > 2) {
+        if (AV_RB16(buf) != 0x770B && AV_RL16(buf) != 0x770B) {
+            buf += 1;
+            buf_size -= 1;
+            continue;
+        }
+        break;
+    }
     /* copy input buffer to decoder context to avoid reading past the end
        of the buffer, which can be caused by a damaged input stream. */
     if (buf_size >= 2 && AV_RB16(buf) == 0x770B) {
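Review bot: The bytes dropped by the added resync loop are never counted: `buf` and `buf_size` advance, but `full_buf_size` keeps the original packet size and `skip` is still 0 at this point, so the two returns at the end of the function (`s->frame_size + skip`, `s->superframe_size + skip`) appear to report fewer bytes consumed than were actually passed over. If the caller advances by that return value, the next call would start inside the frame just decoded. Consider counting the junk in its own variable (`junk++;` beside `buf_size -= 1;`) and adding it to both return expressions. A two-byte match is also a weak sync test on damaged input, so a short comment saying that the header parse further down remains the real validation would help. The body of ac3_decode_frame continues outside the hunk.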
@@ -1637,6 +1645,10 @@  dependent_frame:
         AC3HeaderInfo hdr;
         int err;
 
+        if (buf_size - s->frame_size <= 16)
+            skip = buf_size - s->frame_size;
+            goto skip;
+
         if ((ret = init_get_bits8(&s->gbc, buf + s->frame_size, buf_size - s->frame_size)) < 0)
             return ret;
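Review bot: The added `if` has no braces, so only the assignment is conditional and `goto skip;` runs every time this block is entered, which leaves the `init_get_bits8()` call and the dependent-frame handling below it unreachable. Brace it: `if (buf_size - s->frame_size <= 16) { skip = buf_size - s->frame_size; goto skip; }`. The condition also holds when `s->frame_size` is larger than `buf_size`, which would make `skip` negative; whether an enclosing check rules that out is not visible here, so an explicit lower bound (`>= 0`) would be safer on damaged streams. The enclosing block starts and ends outside the hunk.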
 
@@ -1657,6 +1669,7 @@  dependent_frame:
             }
         }
     }
+skip:
 
     frame->decode_error_flags = err ? FF_DECODE_ERROR_INVALID_BITSTREAM : 0;
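Review bot: The new label `skip:` has the same name as the `int skip` counter this patch introduces. C keeps labels in their own namespace, so it compiles, but `skip = ...; goto skip;` reads ambiguously. A distinct label such as `skip_dependent:` would make the jump target obvious. Since the jump bypasses the dependent-frame header parse, a one-line comment at the label, e.g. `/* trailing bytes too short for another frame header */`, would also help.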
 
@@ -1796,9 +1809,9 @@  dependent_frame:
     *got_frame_ptr = 1;
 
     if (!s->superframe_size)
-        return FFMIN(full_buf_size, s->frame_size);
+        return FFMIN(full_buf_size, s->frame_size + skip);
 
-    return FFMIN(full_buf_size, s->superframe_size);
+    return FFMIN(full_buf_size, s->superframe_size + skip);
 }
 
 /**
diff --git a/libavformat/ac3dec.c b/libavformat/ac3dec.c
index 6f423ff7eb..2718061bdc 100644
--- a/libavformat/ac3dec.c
+++ b/libavformat/ac3dec.c
@@ -47,7 +47,7 @@  static int ac3_eac3_probe(AVProbeData *p, enum AVCodecID expected_codec_id)
             uint16_t frame_size;
             int i, ret;
 
-            if(!memcmp(buf2, "\x1\x10\0\0\0\0\0\0", 8)) {
+            if(!memcmp(buf2, "\x1\x10", 2)) {
                 if (buf2 + 16 > end)
                     break;
                 buf2+=16;
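Review bot: Matching only the first two bytes (`"\x1\x10"`) makes this branch fire on far more inputs than the previous eight-byte pattern, and each hit moves `buf2` forward 16 bytes without checking them. Probe data is untrusted file content, so the looser test raises the chance of a false match that changes what the probe then scores. A comment should state which 16-byte header is being skipped and why the six trailing zero bytes are no longer required, for example `/* 16-byte prefix seen before the sync word in #7278; only the first two bytes are fixed */`, with the wording to be confirmed by the author. The surrounding loop starts outside the hunk.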