From patchwork Sun Nov 25 11:18:15 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Paul B Mahol X-Patchwork-Id: 11154 Return-Path: X-Original-To: patchwork@ffaux-bg.ffmpeg.org Delivered-To: patchwork@ffaux-bg.ffmpeg.org Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org [79.124.17.100]) by ffaux.localdomain (Postfix) with ESMTP id 3AC5144C8FA for ; Sun, 25 Nov 2018 13:26:41 +0200 (EET) Received: from [127.0.1.1] (localhost [127.0.0.1]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id B181D68A284; Sun, 25 Nov 2018 13:26:41 +0200 (EET) X-Original-To: ffmpeg-devel@ffmpeg.org Delivered-To: ffmpeg-devel@ffmpeg.org Received: from mail-wm1-f66.google.com (mail-wm1-f66.google.com [209.85.128.66]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id 81405680D3A for ; Sun, 25 Nov 2018 13:26:35 +0200 (EET) Received: by mail-wm1-f66.google.com with SMTP id g67so2087705wmd.2 for ; Sun, 25 Nov 2018 03:26:39 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:subject:date:message-id; bh=Xfr7KzL01C2/S7N1ERmha5LroYsebIXQILE38CyF5qc=; b=R3CumGvC3RrbIh9uKodNKaeth2gkYJmJBbUQ0vjBGN//UXgxCK1/IQA8NbWskRJTB3 ZAa83lZnD1P4LVAKBS+wrgNQLgyPeknPFTgGOvt8qdXeUnjYA20rI1EwKQke/BRLlVAP zK1erJVexHatEBg0kN9vFFSf3fI7m3ZuqNVADYKw1jyKcufiDpA2zSaX1GcSQIEgtr3V +ZY3i5OTl9ohjZ14kEZ/qJDk/hw/ZxSYFog15WK4Y+KkwXyjAPorbOfwJlkj4jhKY/Ac cZeIj5L74iqMgp3fpvCVHkkL9DuZNwiEd13G2RU9LiYrnSG/LYW2Z7HfH5DEXQPkLC/n KR3w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:subject:date:message-id; bh=Xfr7KzL01C2/S7N1ERmha5LroYsebIXQILE38CyF5qc=; b=XiJH3CYtIyRJ39V8wMvU38hxwhQW1IGNQ5xKrwHaoMLymkOB1l3Va0alhLml0MwrX9 KtYxnicDdMDQt1c3KGZ9aNJLp+kz1X9ij94/xP8SiGh9ipv71iyzOOc4J5ci+kOt151C 7vnq9EcH6Y8adgxO2Kd0YWlXQa0V8rqW6ta2x56ot3el3ijFjUycLy7CtKnfDDt5/Oqr XwcV3HywL+dQmiiuiov07DJyYTcx8P0ku2rU/FxrBTBsRubahqh/iWUtuMfWPcRsPnRL IB13fW4Rc5Ao6mrD/FXTLSUeOwv44NyDP5A5veawrMTV8/VtMgvz1AaoMoZL2y3+76b+ Ob9A== X-Gm-Message-State: AA+aEWY1C8WJvvtjIxJ9kjhZ/32aFDTK3I281j8cnl7lTzgbT4m1jQ23 vMkj+WtOREwV4wQRnNh3gDW2MMxA X-Google-Smtp-Source: AFSGD/VVHTVwsh1xw+m2g1CCsksZXi7c8yjpe42FsNvFglrzns1XISV+8YXlTdMg83dlLNaHTbSUbg== X-Received: by 2002:a7b:c191:: with SMTP id y17mr1595795wmi.10.1543144702976; Sun, 25 Nov 2018 03:18:22 -0800 (PST) Received: from localhost.localdomain ([94.250.174.60]) by smtp.gmail.com with ESMTPSA id 185sm7129155wmx.41.2018.11.25.03.18.22 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Sun, 25 Nov 2018 03:18:22 -0800 (PST) From: Paul B Mahol To: ffmpeg-devel@ffmpeg.org Date: Sun, 25 Nov 2018 12:18:15 +0100 Message-Id: <20181125111815.29038-1-onemda@gmail.com> X-Mailer: git-send-email 2.17.1 Subject: [FFmpeg-devel] [PATCH] avformat/ac3dec: always skip junk bytes before sync bytes X-BeenThere: ffmpeg-devel@ffmpeg.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: FFmpeg development discussions and patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: FFmpeg development discussions and patches MIME-Version: 1.0 Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" Fixes #7278. Signed-off-by: Paul B Mahol --- libavcodec/ac3dec.c | 19 ++++++++++++++++--- libavformat/ac3dec.c | 2 +- 2 files changed, 17 insertions(+), 4 deletions(-) diff --git a/libavcodec/ac3dec.c b/libavcodec/ac3dec.c index 43b22b7654..90e4dc8a1f 100644 --- a/libavcodec/ac3dec.c +++ b/libavcodec/ac3dec.c @@ -1467,7 +1467,7 @@ static int ac3_decode_frame(AVCodecContext * avctx, void *data, int buf_size, full_buf_size = avpkt->size; AC3DecodeContext *s = avctx->priv_data; int blk, ch, err, offset, ret; - int got_independent_frame = 0; + int skip = 0, got_independent_frame = 0; const uint8_t *channel_map; uint8_t extended_channel_map[EAC3_MAX_CHANNELS]; const SHORTFLOAT *output[AC3_MAX_CHANNELS]; @@ -1477,6 +1477,14 @@ static int ac3_decode_frame(AVCodecContext * avctx, void *data, s->superframe_size = 0; buf_size = full_buf_size; + while (buf_size > 2) { + if (AV_RB16(buf) != 0x770B && AV_RL16(buf) != 0x770B) { + buf += 1; + buf_size -= 1; + continue; + } + break; + } /* copy input buffer to decoder context to avoid reading past the end of the buffer, which can be caused by a damaged input stream. */ if (buf_size >= 2 && AV_RB16(buf) == 0x770B) { @@ -1637,6 +1645,10 @@ dependent_frame: AC3HeaderInfo hdr; int err; + if (buf_size - s->frame_size <= 16) + skip = buf_size - s->frame_size; + goto skip; + if ((ret = init_get_bits8(&s->gbc, buf + s->frame_size, buf_size - s->frame_size)) < 0) return ret; @@ -1657,6 +1669,7 @@ dependent_frame: } } } +skip: frame->decode_error_flags = err ? FF_DECODE_ERROR_INVALID_BITSTREAM : 0; @@ -1796,9 +1809,9 @@ dependent_frame: *got_frame_ptr = 1; if (!s->superframe_size) - return FFMIN(full_buf_size, s->frame_size); + return FFMIN(full_buf_size, s->frame_size + skip); - return FFMIN(full_buf_size, s->superframe_size); + return FFMIN(full_buf_size, s->superframe_size + skip); } /** diff --git a/libavformat/ac3dec.c b/libavformat/ac3dec.c index 6f423ff7eb..2718061bdc 100644 --- a/libavformat/ac3dec.c +++ b/libavformat/ac3dec.c @@ -47,7 +47,7 @@ static int ac3_eac3_probe(AVProbeData *p, enum AVCodecID expected_codec_id) uint16_t frame_size; int i, ret; - if(!memcmp(buf2, "\x1\x10\0\0\0\0\0\0", 8)) { + if(!memcmp(buf2, "\x1\x10", 2)) { if (buf2 + 16 > end) break; buf2+=16;