[issue1670] Crash when decoding wmv8 file

Sun, 02 Jan 2011 13:47:17 -0800 

Daniel Kang <daniel.d.k...@gmail.com> added the comment:

I have examined this issue. It occurs because when init_get_bits is called,
s->avctx->extradata_size<4 is checked, but s->avctx->extradata_size*8 is not
checked for overflow. I have attached a patch that fixes this issue. 

The run with the patch is (I have renamed the file):
./ffmpeg_g -i ../crash.wmv del.wmv
FFmpeg version git-09f94e4, Copyright (c) 2000-2011 the FFmpeg developers
  built on Jan  2 2011 15:08:01 with gcc 4.4.5
  configuration: --enable-gpl
  libavutil     50.36. 0 / 50.36. 0
  libavcore      0.16. 0 /  0.16. 0
  libavcodec    52.101. 0 / 52.101. 0
  libavformat   52.92. 0 / 52.92. 0
  libavdevice   52. 2. 2 / 52. 2. 2
  libavfilter    1.72. 0 /  1.72. 0
  libswscale     0.12. 0 /  0.12. 0

Seems stream 1 codec frame rate differs from container frame rate: 1000.00
(1000/1) -> 30.00 (30/1)
Input #0, asf, from '../crash.wmv':
  Metadata:
    title           :
    artist          :
    copyright       :
    comment         :
    WMFSDKVersion   : 9.00.00.3250
    WMFSDKNeeded    : 0.0.0.0000
    IsVBR           : 1
    VBR Peak        : 884
    Buffer Average  : 200
  Duration: 00:00:00.39, start: 3.000000, bitrate: 718 kb/s
    Stream #0.0(eng): Audio: wmapro, 48000 Hz, stereo, flt, 307 kb/s
    Stream #0.1(eng): Video: wmv2, yuv420p, 32x32, 64 kb/s, 30 tbr, 1k tbn, 1k 
tbc
File 'del.wmv' already exists. Overwrite ? [y/N] y
[buffer @ 0x120cdc0] w:32 h:32 pixfmt:yuv420p
Output #0, asf, to 'del.wmv':
  Metadata:
    title           :
    Author          :
    copyright       :
    Description     :
    WMFSDKVersion   : 9.00.00.3250
    WMFSDKNeeded    : 0.0.0.0000
    IsVBR           : 1
    VBR Peak        : 884
    Buffer Average  : 200
    WM/EncodingSettings: Lavf52.92.0
    Stream #0.0(eng): Video: msmpeg4, yuv420p, 32x32, q=2-31, 200 kb/s, 1k tbn,
30 tbc
    Stream #0.1(eng): Audio: mp2, 48000 Hz, stereo, s16, 64 kb/s
Stream mapping:
  Stream #0.1 -> #0.0
  Stream #0.0 -> #0.1
Press [q] to stop encoding
Multiple frames in a packet from stream 0
frame=   12 fps=  0 q=2.0 Lsize=       7kB time=0.40 bitrate= 148.5kbits/s
video:1kB audio:3kB global headers:0kB muxing overhead 82.522124%

________________________________________________
FFmpeg issue tracker <iss...@roundup.ffmpeg.org>
<https://roundup.ffmpeg.org/issue1670>
________________________________________________

Attachment: wmv_crash_fix.diff
Description: Binary data

Reply via email to