| Message ID | 20170905163808.75833-1-lq@chinaffmpeg.org |
|---|---|
| State | Accepted |
| Commit | 15537c904ec96e4d2e9435100d403283a5fed029 |
| Headers | show |
2017-09-06 0:38 GMT+08:00 Steven Liu <lq@chinaffmpeg.org>: > COPY FROM libav Martin Storsjö <martin@martin.st> > > If the metadata packet is corrupted, flv_read_metabody can accidentally > read past the start of the next packet. If the start of the next packet > had been flushed out of the IO buffer, we would be unable to seek to > the right position (on a nonseekable stream). > > Prefer to clearly error out instead of silently trying to read from a > desynced stream which will only be interpreted as garbage. > > Signed-off-by: Steven Liu <lq@chinaffmpeg.org> > --- > libavformat/flvdec.c | 8 +++++++- > 1 file changed, 7 insertions(+), 1 deletion(-) > > diff --git a/libavformat/flvdec.c b/libavformat/flvdec.c > index 2e70352c53..2d89bef15f 100644 > --- a/libavformat/flvdec.c > +++ b/libavformat/flvdec.c > @@ -1015,7 +1015,13 @@ retry: > "Skipping flv packet: type %d, size %d, flags %d.\n", > type, size, flags); > skip: > - avio_seek(s->pb, next, SEEK_SET); > + if (avio_seek(s->pb, next, SEEK_SET) != next) { > + // This can happen if flv_read_metabody above read past > + // next, on a non-seekable input, and the preceding data has > + // been flushed out from the IO buffer. > + av_log(s, AV_LOG_ERROR, "Unable to seek to the next packet\n"); > + return AVERROR_INVALIDDATA; > + } > ret = FFERROR_REDO; > goto leave; > } > -- > 2.11.0 (Apple Git-81) > > > > _______________________________________________ > ffmpeg-devel mailing list > ffmpeg-devel@ffmpeg.org > http://ffmpeg.org/mailman/listinfo/ffmpeg-devel pushed
2017-09-05 18:38 GMT+02:00 Steven Liu <lq@chinaffmpeg.org>:
> COPY FROM libav Martin Storsjö <martin@martin.st>
This should have been the author information of the patch
instead of part of the commit message, you removed it
completely from the actual commit;-(
Imo, the best solution is that you revert this patch and commit
a patch with the correct author information and push both.
Carl Eugen
------------------ Original ------------------ From: "Carl Eugen Hoyos"<ceffmpeg@gmail.com>; Date: Fri, Oct 27, 2017 04:22 AM To: "FFmpeg development discussions and patches"<ffmpeg-devel@ffmpeg.org>; Subject: Re: [FFmpeg-devel] [PATCH] flvdec: Check the avio_seek return valueafter reading a metadata packet 2017-09-05 18:38 GMT+02:00 Steven Liu <lq@chinaffmpeg.org>: > COPY FROM libav Martin Storsjö <martin@martin.st> This should have been the author information of the patch instead of part of the commit message, you removed it completely from the actual commit;-( Imo, the best solution is that you revert this patch and commit a patch with the correct author information and push both. have revert and commit by author Martin Storsjö <martin@martin.st> and pushed! Thanks Carl Eugen _______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
diff --git a/libavformat/flvdec.c b/libavformat/flvdec.c index 2e70352c53..2d89bef15f 100644 --- a/libavformat/flvdec.c +++ b/libavformat/flvdec.c @@ -1015,7 +1015,13 @@ retry: "Skipping flv packet: type %d, size %d, flags %d.\n", type, size, flags); skip: - avio_seek(s->pb, next, SEEK_SET); + if (avio_seek(s->pb, next, SEEK_SET) != next) { + // This can happen if flv_read_metabody above read past + // next, on a non-seekable input, and the preceding data has + // been flushed out from the IO buffer. + av_log(s, AV_LOG_ERROR, "Unable to seek to the next packet\n"); + return AVERROR_INVALIDDATA; + } ret = FFERROR_REDO; goto leave; }
COPY FROM libav Martin Storsjö <martin@martin.st> If the metadata packet is corrupted, flv_read_metabody can accidentally read past the start of the next packet. If the start of the next packet had been flushed out of the IO buffer, we would be unable to seek to the right position (on a nonseekable stream). Prefer to clearly error out instead of silently trying to read from a desynced stream which will only be interpreted as garbage. Signed-off-by: Steven Liu <lq@chinaffmpeg.org> --- libavformat/flvdec.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-)