diff mbox series

[FFmpeg-devel,2/2] avformat/mov: re-allow zero sample sizes if that is not the default

Message ID 20221204235002.26754-2-cus@passwd.hu
State New
Series [FFmpeg-devel,1/2] avformat/mov: do not emit zero sized packets

Checks

Context Check Description
yinshiyou/make_loongarch64 success Make finished
yinshiyou/make_fate_loongarch64 success Make fate finished
andriy/make_x86 success Make finished
andriy/make_fate_x86 success Make fate finished

Commit Message

Marton Balint Dec. 4, 2022, 11:50 p.m. UTC
Patch 03d81a044ad587ea83567f75dc36bc3d64278199 disallowed zero sample sizes,
but there are some files in the wild which have zero sized samples (e.g.
no audio in some part of a live recording).

Fix this by only disallowing zero sized samples if the size is coming from the
default sample size and not from the trun box. This approach fixes the original
timeout issue from fuzzed files differently.

Signed-off-by: Marton Balint <cus@passwd.hu>
---
 libavformat/mov.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

Patch

diff --git a/libavformat/mov.c b/libavformat/mov.c
index 935b2f8d9f..9d3a2ab830 100644
--- a/libavformat/mov.c
+++ b/libavformat/mov.c
@@ -5230,6 +5230,9 @@  static int mov_read_trun(MOVContext *c, AVIOContext *pb, MOVAtom atom)
     if (index_entry_pos > 0)
         prev_dts = sti->index_entries[index_entry_pos-1].timestamp;
 
+    if (entries && !frag->size && !(flags & MOV_TRUN_SAMPLE_SIZE))
+        return AVERROR_INVALIDDATA;
+
     for (i = 0; i < entries && !pb->eof_reached; i++) {
         unsigned sample_size = frag->size;
         int sample_flags = i ? frag->flags : first_sample_flags;
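Review bot: The new check ahead of the loop, `if (entries && !frag->size && !(flags & MOV_TRUN_SAMPLE_SIZE))`, carries no comment, and nothing in the code says why a zero `frag->size` is rejected here while a zero per-sample size is now allowed. Add a short comment stating that a zero size is accepted only when it is read per sample from the trun box, and that this check is what now guards against the fuzzed-file timeout mentioned in the commit message. Without that, a later cleanup could drop the check as redundant and reopen the timeout.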
@@ -5293,8 +5296,6 @@  static int mov_read_trun(MOVContext *c, AVIOContext *pb, MOVAtom atom)
         distance++;
         if (av_sat_add64(dts, sample_duration) != dts + (uint64_t)sample_duration)
             return AVERROR_INVALIDDATA;
-        if (!sample_size)
-            return AVERROR_INVALIDDATA;
         dts += sample_duration;
         offset += sample_size;
         sc->data_size += sample_size;
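Review bot: With the `if (!sample_size)` check gone from the loop, a zero size read from the trun box now flows through `offset += sample_size` and `sc->data_size += sample_size` unchanged, so consecutive entries can share one offset. This appears to rely on patch 1/2 of the series ("do not emit zero sized packets") for what happens to such entries later. Please state that dependency in the commit message, and consider a FATE test with a fragment containing a zero-sized sample so that both the in-the-wild case and the original timeout case stay covered.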