Hi,
some broken files can lead to an endless resync loop, which is avoided
by attached patch.
Best regards,
Andreas
>From 5682ffffa0cafbaf9339352f3147ef7c494dea47 Mon Sep 17 00:00:00 2001
From: Andreas Cadhalpun <andreas.cadhal...@googlemail.com>
Date: Sun, 8 Mar 2015 23:29:42 +0100
Subject: [PATCH 5/8] ffmdec: break infinite resync loop
If resyncing leads to the same position as previously, it will again
lead to a resync attempt, resulting in an infinite loop.
Signed-off-by: Andreas Cadhalpun <andreas.cadhal...@googlemail.com>
---
libavformat/ffmdec.c | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/libavformat/ffmdec.c b/libavformat/ffmdec.c
index 35e4c03..9cbd20c 100644
--- a/libavformat/ffmdec.c
+++ b/libavformat/ffmdec.c
@@ -82,6 +82,7 @@ static int ffm_read_data(AVFormatContext *s,
FFMContext *ffm = s->priv_data;
AVIOContext *pb = s->pb;
int len, fill_size, size1, frame_offset, id;
+ int64_t last_pos = -1;
size1 = size;
while (size > 0) {
@@ -101,9 +102,16 @@ static int ffm_read_data(AVFormatContext *s,
avio_seek(pb, tell, SEEK_SET);
}
id = avio_rb16(pb); /* PACKET_ID */
- if (id != PACKET_ID)
+ if (id != PACKET_ID) {
if (ffm_resync(s, id) < 0)
return -1;
+ if (avio_tell(pb) == last_pos) {
+ av_log(s, AV_LOG_ERROR,
+ "breaking resync loop at pos %"PRIx64"\n", last_pos);
+ return AVERROR_INVALIDDATA;
+ }
+ last_pos = avio_tell(pb);
+ }
fill_size = avio_rb16(pb);
ffm->dts = avio_rb64(pb);
frame_offset = avio_rb16(pb);
--
2.1.4
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
