Message ID | 20201002055336.38476-2-liushuyu@aosc.io |
---|---|
State | New |
Headers | show |
Series | avformat: mca: relax a condition check to be able to play | expand |
Context | Check | Description |
---|---|---|
andriy/default | pending | |
andriy/make | success | Make finished |
andriy/make_fate | success | Make fate finished |
On Thu, Oct 01, 2020 at 11:53:36PM -0600, liushuyu@aosc.io wrote: > From: liushuyu <liushuyu@aosc.io> > > In certain mca files, the coefficient table is in the data section > instead of the header section. In this case, the coefficient offset > relative to the header ending marker is a negative value thus failing > the original condition check at line 146. > > The new check just check if the coefficient offset is within the file > range (since there is no way to know where the actual audio samples are > without the correct header information). > --- > libavformat/mca.c | 10 +++++----- > 1 file changed, 5 insertions(+), 5 deletions(-) > LGTM, remind me to apply this if I forgot.
On 2020-10-02 02:14, Paul B Mahol wrote: > On Thu, Oct 01, 2020 at 11:53:36PM -0600, liushuyu@aosc.io wrote: >> From: liushuyu <liushuyu@aosc.io> >> >> In certain mca files, the coefficient table is in the data section >> instead of the header section. In this case, the coefficient offset >> relative to the header ending marker is a negative value thus failing >> the original condition check at line 146. >> >> The new check just check if the coefficient offset is within the file >> range (since there is no way to know where the actual audio samples >> are >> without the correct header information). >> --- >> libavformat/mca.c | 10 +++++----- >> 1 file changed, 5 insertions(+), 5 deletions(-) >> > > LGTM, remind me to apply this if I forgot. > _______________________________________________ > ffmpeg-devel mailing list > ffmpeg-devel@ffmpeg.org > https://ffmpeg.org/mailman/listinfo/ffmpeg-devel > > To unsubscribe, visit link above, or email > ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe". Hi there, I am very sorry but are there any more issues that prevent this patch from being applied? Thanks, Zixing
diff --git a/libavformat/mca.c b/libavformat/mca.c index 27cfb1c..5bb9a35 100644 --- a/libavformat/mca.c +++ b/libavformat/mca.c @@ -48,9 +48,9 @@ static int read_header(AVFormatContext *s) int64_t file_size = avio_size(s->pb); uint16_t version = 0; uint32_t header_size, data_size, data_offset, loop_start, loop_end, - nb_samples, nb_metadata, coef_offset = 0; + nb_samples, nb_metadata = 0; int ch, ret; - int64_t ret_size; + int64_t ret_size, coef_offset = 0; st = avformat_new_stream(s, NULL); if (!st) @@ -144,10 +144,10 @@ static int read_header(AVFormatContext *s) } // coefficient alignment = 0x30; metadata size = 0x14 - if (0x30 * par->channels + nb_metadata * 0x14 > header_size) - return AVERROR_INVALIDDATA; coef_offset = - header_size - 0x30 * par->channels + nb_metadata * 0x14; + (int64_t)header_size - 0x30 * par->channels + nb_metadata * 0x14; + if (coef_offset < 0 || coef_offset >= file_size) + return AVERROR_INVALIDDATA; st->start_time = 0; par->codec_id = AV_CODEC_ID_ADPCM_THP_LE;
From: liushuyu <liushuyu@aosc.io> In certain mca files, the coefficient table is in the data section instead of the header section. In this case, the coefficient offset relative to the header ending marker is a negative value thus failing the original condition check at line 146. The new check just check if the coefficient offset is within the file range (since there is no way to know where the actual audio samples are without the correct header information). --- libavformat/mca.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-)