Hi Vittorio

On Fri, Mar 24, 2017 at 2:43 PM, Vittorio Giovara
<[email protected]> wrote:
> On Fri, Mar 24, 2017 at 6:36 PM, Sean McGovern <[email protected]> wrote:
>> Fixes invalid reads with corrupted files.
>>
>> CC: [email protected]
>> Bug-Id: 1039
>> ---
>>  libavformat/nsvdec.c | 7 +++++--
>>  1 file changed, 5 insertions(+), 2 deletions(-)
>>
>> diff --git a/libavformat/nsvdec.c b/libavformat/nsvdec.c
>> index c91d2a1..924c869 100644
>> --- a/libavformat/nsvdec.c
>> +++ b/libavformat/nsvdec.c
>> @@ -520,6 +520,7 @@ static int nsv_read_chunk(AVFormatContext *s, int 
>> fill_header)
>>      uint32_t vsize;
>>      uint16_t asize;
>>      uint16_t auxsize;
>> +    int ret;
>>
>>      if (nsv->ahead[0].data || nsv->ahead[1].data)
>>          return 0; //-1; /* hey! eat what you've in your plate first! */
>> @@ -571,7 +572,8 @@ null_chunk_retry:
>>      if (vsize && st[NSV_ST_VIDEO]) {
>>          nst = st[NSV_ST_VIDEO]->priv_data;
>>          pkt = &nsv->ahead[NSV_ST_VIDEO];
>> -        av_get_packet(pb, pkt, vsize);
>> +        if ((ret = av_get_packet(pb, pkt, vsize)) < 0)
>> +            return ret;
>>          pkt->stream_index = st[NSV_ST_VIDEO]->index;//NSV_ST_VIDEO;
>>          pkt->dts = nst->frame_offset;
>>          pkt->flags |= nsv->state == NSV_HAS_READ_NSVS ? AV_PKT_FLAG_KEY : 
>> 0; /* keyframe only likely on a sync frame */
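
Review bot: The check on av_get_packet(pb, pkt, vsize) only rejects negative returns. av_get_packet returns the number of bytes read on success, so a truncated file can produce a packet shorter than vsize that still passes the `< 0` test. Consider comparing ret against vsize and treating a short read as an error, or at least logging it, before pkt->stream_index, pkt->dts and pkt->flags are filled in.
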
>> @@ -615,7 +617,8 @@ null_chunk_retry:
>>                         bps, channels, samplerate);
>>              }
>>          }
>> -        av_get_packet(pb, pkt, asize);
>> +        if ((ret = av_get_packet(pb, pkt, asize)) < 0)
>> +            return ret;
>>          pkt->stream_index = st[NSV_ST_AUDIO]->index;//NSV_ST_AUDIO;
>>          pkt->flags |= nsv->state == NSV_HAS_READ_NSVS ? AV_PKT_FLAG_KEY : 
>> 0; /* keyframe only likely on a sync frame */
>>          if( nsv->state == NSV_HAS_READ_NSVS && st[NSV_ST_VIDEO] ) {
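
Review bot: When this audio av_get_packet(pb, pkt, asize) fails, the function returns while a video packet read earlier in the same pass may already be stored in nsv->ahead[NSV_ST_VIDEO]. The test at the top of nsv_read_chunk returns 0 while either ahead[] slot holds data, so please confirm that the stored packet is either delivered or freed on this error path rather than left behind.
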
>> --
>
> no error message necessary?
> probably ok anyway
> --

Hmmm... maybe not a bad idea.

Before this patch, using the sample included in BZ #1039, avconv would
segfault. Now it just hits EOF, as seen below:

$ /build/libav/avconv -i bz1039/sample -f null -
avconv version v13_dev0-1009-g4997c24, Copyright (c) 2000-2017 the
Libav developers
  built on Mar 24 2017 15:08:34 with gcc 5.4.0 (Ubuntu
5.4.0-6ubuntu1~16.04.4) 20160609
[nsv @ 0x21ca060] Format detected only with low score of 20,
misdetection possible!
bz1039/sample: End of file

Will add something more informative.

-- Sean McG.