New submission from ami_stuff <[email protected]>: the latest voc modification broken decoding of
http://samples.mplayerhq.hu/voc/pcm_s16_2/nem.voc Author: cehoyos Date: Tue Jan 11 15:08:45 2011 New Revision: 26309 Log: Do not crash for illegal sample size, fixes issue 2502. Patch by Daniel Kang, daniel.d.kang at gmail Modified: trunk/libavcodec/pcm.c trunk/libavformat/vocdec.c Modified: trunk/libavcodec/pcm.c ============================================================================== --- trunk/libavcodec/pcm.c Tue Jan 11 13:17:27 2011 (r26308) +++ trunk/libavcodec/pcm.c Tue Jan 11 15:08:45 2011 (r26309) @@ -292,6 +292,11 @@ static int pcm_decode_frame(AVCodecConte /* we process 40-bit blocks per channel for LXF */ sample_size = 5; + if (sample_size == 0) { + av_log(avctx, AV_LOG_ERROR, "Invalid sample_size\n"); + return AVERROR(EINVAL); + } + n = avctx->channels * sample_size; if(n && buf_size % n){ Modified: trunk/libavformat/vocdec.c ============================================================================== --- trunk/libavformat/vocdec.c Tue Jan 11 13:17:27 2011 (r26308) +++ trunk/libavformat/vocdec.c Tue Jan 11 15:08:45 2011 (r26309) @@ -68,7 +68,7 @@ voc_get_packet(AVFormatContext *s, AVPac AVCodecContext *dec = st->codec; ByteIOContext *pb = s->pb; VocType type; - int size; + int size, tmp_codec; int sample_rate = 0; int channels = 1; @@ -90,7 +90,11 @@ voc_get_packet(AVFormatContext *s, AVPac if (sample_rate) dec->sample_rate = sample_rate; dec->channels = channels; - dec->codec_id = ff_codec_get_id(ff_voc_codec_tags, get_byte(pb)); + tmp_codec = ff_codec_get_id(ff_voc_codec_tags, get_byte(pb)); + if (dec->codec_id == CODEC_ID_NONE) + dec->codec_id = tmp_codec; + else if (dec->codec_id != tmp_codec) + av_log(s, AV_LOG_WARNING, "Ignoring mid-stream change in audio codec\n"); dec->bits_per_coded_sample = av_get_bits_per_sample(dec->codec_id); voc->remaining_size -= 2; max_size -= 2; @@ -113,7 +117,11 @@ voc_get_packet(AVFormatContext *s, AVPac dec->sample_rate = get_le32(pb); dec->bits_per_coded_sample = get_byte(pb); dec->channels = get_byte(pb); - dec->codec_id = ff_codec_get_id(ff_voc_codec_tags, get_le16(pb)); + tmp_codec = ff_codec_get_id(ff_voc_codec_tags, get_byte(pb)); + if (dec->codec_id == CODEC_ID_NONE) + dec->codec_id = tmp_codec; + else if (dec->codec_id != tmp_codec) + av_log(s, AV_LOG_WARNING, "Ignoring mid-stream change in audio codec\n"); url_fskip(pb, 4); voc->remaining_size -= 12; max_size -= 12; @@ -125,6 +133,10 @@ voc_get_packet(AVFormatContext *s, AVPac voc->remaining_size = 0; break; } + if (dec->codec_id == CODEC_ID_NONE) { + av_log(s, AV_LOG_ERROR, "Invalid codec_id\n"); + if (s->audio_codec_id == CODEC_ID_NONE) return AVERROR(EINVAL); + } } dec->bit_rate = dec->sample_rate * dec->bits_per_coded_sample; C:\>ffmpeg -i C:\nem.voc FFmpeg version SVN-r26397, Copyright (c) 2000-2011 the FFmpeg developers built on Jan 17 2011 04:07:25 with gcc 4.4.2 configuration: --enable-gpl --enable-version3 --enable-libgsm --enable-libvorb is --enable-libtheora --enable-libspeex --enable-libmp3lame --enable-libopenjpeg --enable-libschroedinger --enable-libopencore_amrwb --enable-libopencore_amrnb --enable-libvpx --disable-decoder=libvpx --arch=x86 --enable-runtime-cpudetect - -enable-libxvid --enable-libx264 --enable-librtmp --extra-libs='-lrtmp -lpolarss l -lws2_32 -lwinmm' --target-os=mingw32 --enable-avisynth --enable-w32threads -- cross-prefix=i686-mingw32- --cc='ccache i686-mingw32-gcc' --enable-memalign-hack libavutil 50.36. 0 / 50.36. 0 libavcore 0.16. 1 / 0.16. 1 libavcodec 52.108. 0 / 52.108. 0 libavformat 52.93. 0 / 52.93. 0 libavdevice 52. 2. 3 / 52. 2. 3 libavfilter 1.74. 0 / 1.74. 0 libswscale 0.12. 0 / 0.12. 0 [voc @ 01bdd150] max_analyze_duration reached [voc @ 01bdd150] Estimating duration from bitrate, this may be inaccurate Input #0, voc, from 'C:\nem.voc': Duration: 00:00:34.56, bitrate: 705 kb/s Stream #0.0: Audio: pcm_s16le, 44100 Hz, 2 channels, s16, 1411 kb/s At least one output file must be specified ---------- messages: 13488 priority: normal status: open substatus: open title: voc regression type: bug ________________________________________________ FFmpeg issue tracker <[email protected]> <https://roundup.ffmpeg.org/issue2560> ________________________________________________
