| Message ID | 20200518033033.27347-3-andreas.rheinhardt@gmail.com |
|---|---|
| State | Accepted |
| Commit | 9b614826275e346ac17b9bc7ef5a58dded5b1855 |
| Headers | show |
| Series | [FFmpeg-devel,1/5] avformat/webmdashenc: Avoid allocation for parsing a number | expand |
| Context | Check | Description |
|---|---|---|
| andriy/default | pending | |
| andriy/make | success | Make finished |
| andriy/make_fate | success | Make fate finished |
diff --git a/libavformat/webmdashenc.c b/libavformat/webmdashenc.c index 250c8ca3ad..fd07b3e34a 100644 --- a/libavformat/webmdashenc.c +++ b/libavformat/webmdashenc.c @@ -438,9 +438,10 @@ static int parse_adaptation_sets(AVFormatContext *s) // syntax id=0,streams=0,1,2 id=1,streams=3,4 and so on state = new_set; while (p < w->adaptation_sets + strlen(w->adaptation_sets)) { - if (*p == ' ') + if (state == new_set && *p == ' ') { + p++; continue; - else if (state == new_set && !strncmp(p, "id=", 3)) { + } else if (state == new_set && !strncmp(p, "id=", 3)) { void *mem = av_realloc(w->as, sizeof(*w->as) * (w->nb_as + 1)); const char *comma; if (mem == NULL)
The WebM DASH manifest muxer uses a loop to parse the adaptation_sets string (which is given by the user and governs which AVStreams are mapped to what adaptation set) and the very beginning of this loop is "if (*p == ' ') continue;". This of course leads to an infinite loop if the condition is true. It is true if e.g. the string begins with ' ' or if there are more than one ' ' between different adaptation set groups. To fix this, the parsing process has been modified to consume the space if it is at a place where it can legitimately occur, i.e. when a new adaptation set group is expected. The latter restriction implies that an error is returned if a space exists where none is allowed to exist. Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com> --- libavformat/webmdashenc.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-)