Reimar Döffinger <[email protected]> added the comment: On Sun, Sep 20, 2009 at 04:23:55PM -0700, Baptiste Coudurier wrote: > On 09/20/2009 10:36 AM, Reimar Döffinger wrote: > > > > Reimar Döffinger<[email protected]> added the comment: > > > > On Sun, Sep 20, 2009 at 04:44:56PM +0000, Ramiro Polla wrote: > >> > >> Ramiro Polla<[email protected]> added the comment: > >> > >> in mov.c r19928 lines 890:894 codec_name is just copied straight off of > >> the mov > >> file. > > > > Right, I missed that codec_name is used, too. > > I really think that the encoding is supposed to be ANSI, though that > > means > > 1) they are one off, (R) would be 0xa9 but it's 0xa8. I wonder who > > messed that up. > > 2) ANSI has to be converted to UTF8, this patch does that, though it is > > a bit ugly still: > > Index: libavformat/mov.c > > =================================================================== > > --- libavformat/mov.c (revision 19926) > > +++ libavformat/mov.c (working copy) > > @@ -868,7 +868,8 @@ > > (format>> 24)& 0xff, st->codec->codec_type); > > > > if(st->codec->codec_type==CODEC_TYPE_VIDEO) { > > - uint8_t codec_name[32]; > > + int len, i; > > + char *codec_name; > > unsigned int color_depth; > > int color_greyscale; > > > > @@ -887,11 +888,16 @@ > > get_be32(pb); /* data size, always 0 */ > > get_be16(pb); /* frames per samples */ > > > > - get_buffer(pb, codec_name, 32); /* codec name, pascal string */ > > - if (codec_name[0]<= 31) { > > - memcpy(st->codec->codec_name, > > &codec_name[1],codec_name[0]); > > - st->codec->codec_name[codec_name[0]] = 0; > > + len = get_byte(pb); /* codec name, pascal string */ > > Missing check against 31 to avoid reading too much if len is wrong, > possibly file can still be demuxed.
Is that field really limited to 32 bytes in mov? That check looked to me like an artifact of the codec->codec_name size, not like something worth keeping... _____________________________________________________ FFmpeg issue tracker <[email protected]> <https://roundup.ffmpeg.org/roundup/ffmpeg/issue1398> _____________________________________________________
