Re: [FFmpeg-devel] [PATCH] read reel_name metadata from tmcd atom

Wed, 06 Aug 2014 15:48:55 -0700 

On Wed, Aug 06, 2014 at 03:29:04PM -0700, Mark Reid wrote:
> Thanks for the quick feed back! I attached a small sample file, the media
> was generated with Davinci Resolve.


thanks
did you see the patch comments below ?
you didnt reply to them so i had the feeling you missed them, just
want to make sure you dont miss them and each waits on the other
deadlocking patch review ;)
no hurry with resubmitting


> 
> 
> On Wed, Aug 6, 2014 at 3:00 PM, Michael Niedermayer <michae...@gmx.at>
> wrote:
> 
> > On Wed, Aug 06, 2014 at 01:25:08PM -0700, Mark Reid wrote:
> > > ---
> > >  libavformat/mov.c | 20 ++++++++++++++++++++
> > >  1 file changed, 20 insertions(+)
> >
> > do you have a sample / testcase that you can share ?
> >
> >
> > >
> > > diff --git a/libavformat/mov.c b/libavformat/mov.c
> > > index ab85918..fb8d1fe 100644
> > > --- a/libavformat/mov.c
> > > +++ b/libavformat/mov.c
> > > @@ -1529,6 +1529,26 @@ static int mov_parse_stsd_data(MOVContext *c,
> > AVIOContext *pb,
> > >                  st->codec->flags2 |= CODEC_FLAG2_DROP_FRAME_TIMECODE;
> > >              st->codec->time_base.den = st->codec->extradata[16]; /*
> > number of frame */
> > >              st->codec->time_base.num = 1;
> > > +            if (size > 26) {
> > > +                uint32_t len = AV_RB32(st->codec->extradata + 18); /*
> > name atom length */
> > > +                uint32_t format = AV_RB32(st->codec->extradata + 22);
> >
> > > +                if (format == AV_RB32("name") && size >= 18 + len) {
> >
> > 18 + len can overflow
> >
> >
> > > +                    uint16_t str_size = AV_RB16(st->codec->extradata +
> > 26); /* string length */
> > > +                    char *reel_name = av_malloc(str_size + 1);
> > > +                    if (!reel_name)
> > > +                        return AVERROR(ENOMEM);
> > > +                    memcpy(reel_name, st->codec->extradata + 30,
> > str_size);
> >
> > this accesses extradata + 30, but the check is just for 26
> >
> >
> > > +                    reel_name[str_size] = 0; /* Add null terminator */
> > > +                    /* don't add reel_name if emtpy string */
> >
> > > +                    if (strcmp(reel_name, "") == 0) {
> >
> > *reel_name == 0
> >
> > [...]
> >
> > --
> > Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB
> >
> > Avoid a single point of failure, be that a person or equipment.
> >
> > _______________________________________________
> > ffmpeg-devel mailing list
> > ffmpeg-devel@ffmpeg.org
> > http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
> >
> >


> _______________________________________________
> ffmpeg-devel mailing list
> ffmpeg-devel@ffmpeg.org
> http://ffmpeg.org/mailman/listinfo/ffmpeg-devel


-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

I am the wisest man alive, for I know one thing, and that is that I know
nothing. -- Socrates

Attachment: signature.asc
Description: Digital signature

_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-devel

Reply via email to