spdif probing beyond data_end

Carl Eugen Hoyos Mon, 13 Jan 2020 13:12:55 -0800

Am Mo., 13. Jan. 2020 um 15:53 Uhr schrieb Gaullier Nicolas
<nicolas.gaullier@cji.paris>:
>
> >> diff --git a/libavformat/wavdec.c b/libavformat/wavdec.c index
> >> 2796905e1f..ccb9576b84 100644
> >> --- a/libavformat/wavdec.c
> >> +++ b/libavformat/wavdec.c
> >> @@ -78,7 +78,7 @@ static void set_spdif_s337m(AVFormatContext *s, 
> >> WAVDemuxContext *wav)
> >>                  ret = AVERROR(ENOMEM);
> >>              } else {
> >>                  int64_t pos = avio_tell(s->pb);
> >> -                len = ret = avio_read(s->pb, buf, len);
> >> +                len = ret = avio_read(s->pb, buf, FFMIN(len,
> >> + wav->data_end - pos));
> >>                  if (len >= 0) {
> >>                      ret = ff_spdif_probe(buf, len, &codec);
> >>                      if (ret > AVPROBE_SCORE_EXTENSION) {
> >
> >Looks OK. I suppose this fixes a potential SIGSEGV too?
> AVIO would just stop at EOF, I don't think a SIGSEGV could occur in any 
> scenario.
> This fix only affects probing (ie. reading start of file) in a surprising 
> scenario where the data chunk would not extend to the end of the file.
> This is many IF and I find it unlikely, but I think it should be fixed anyway.


Could you elaborate?
I believe the code is fine as-is but maybe I miss something...

Carl Eugen
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".

Re: [FFmpeg-devel] [PATCH 6/9] avformat/wavdec: fix s337m/spdif probing beyond data_end

Reply via email to