On Thu, Nov 17, 2016 at 01:08:31AM +0100, Andreas Cadhalpun wrote: > All the fields can be set via options read from the ffm file and thus > have to be sanitized. > > A negative extradata size for example gets passed to memcpy in > avcodec_parameters_from_context causing a segmentation fault. > > Signed-off-by: Andreas Cadhalpun <[email protected]> > --- > > The other fields like qmin etc. seem to be completely ignored since the > switch to codecpar, except possibly by ffserver. > > --- > libavformat/ffmdec.c | 138 > +++++++++++++++++++++++++++++++++++++-------------- > 1 file changed, 102 insertions(+), 36 deletions(-) > > diff --git a/libavformat/ffmdec.c b/libavformat/ffmdec.c > index 6b09be2..e66ba5c 100644 > --- a/libavformat/ffmdec.c > +++ b/libavformat/ffmdec.c > @@ -21,6 +21,7 @@ > > #include <stdint.h> > > +#include "libavutil/imgutils.h" > #include "libavutil/internal.h" > #include "libavutil/intreadwrite.h" > #include "libavutil/intfloat.h" > @@ -28,6 +29,7 @@ > #include "libavutil/avassert.h" > #include "libavutil/avstring.h" > #include "libavutil/pixdesc.h" > +#include "libavcodec/internal.h" > #include "avformat.h" > #include "internal.h" > #include "ffm.h" > @@ -277,6 +279,55 @@ static int ffm_append_recommended_configuration(AVStream > *st, char **conf) > return 0; > } > > +#define SANITIZE_PARAMETER(parameter, name, check, default) { > \ > + if (check) { > \ > + av_log(codec, AV_LOG_WARNING, "Invalid " name " %d\n", > codec->parameter); \ > + codec->parameter = default; > \ > + } > \ > +} > + > +static void ffm_sanitize_parameters(AVCodecContext *codec) > +{ > + if (codec->time_base.num < 0 || codec->time_base.den <= 0) { > + av_log(codec, AV_LOG_WARNING, "Invalid time base %d/%d\n", > + codec->time_base.num, codec->time_base.den); > + codec->time_base.num = 0; > + codec->time_base.den = 1; > + } > + if (codec->bit_rate < 0) { > + av_log(codec, AV_LOG_WARNING, "Invalid bit rate %"PRId64"\n", > codec->bit_rate); > + codec->bit_rate = 0; > + } > + if ((codec->width || codec->height) && av_image_check_size(codec->width, > codec->height, 0, codec) < 0) { > + codec->width = 0; > + codec->height = 0; > + } > + if (codec->sample_aspect_ratio.num < 0 || codec->sample_aspect_ratio.den > < 0) { > + av_log(codec, AV_LOG_WARNING, "Invalid sample aspect ratio %d/%d\n", > + codec->sample_aspect_ratio.num, > codec->sample_aspect_ratio.den); > + codec->sample_aspect_ratio.num = 0; > + codec->sample_aspect_ratio.den = 1; > + } > + SANITIZE_PARAMETER(pix_fmt, "pixel format", > codec->pix_fmt < AV_PIX_FMT_NONE || codec->pix_fmt > AV_PIX_FMT_NB, > AV_PIX_FMT_NONE) > + SANITIZE_PARAMETER(bits_per_coded_sample, "bits per coded sample", > codec->bits_per_coded_sample < 0, > 0) > + SANITIZE_PARAMETER(bits_per_raw_sample, "bits per raw sample", > codec->bits_per_raw_sample < 0, > 0) > + SANITIZE_PARAMETER(extradata_size, "extradata size", > codec->extradata_size < 0 || codec->extradata_size >= > FF_MAX_EXTRADATA_SIZE, 0) > + SANITIZE_PARAMETER(color_range, "color range", > (unsigned)codec->color_range > AVCOL_RANGE_NB, > AVCOL_RANGE_UNSPECIFIED) > + SANITIZE_PARAMETER(color_primaries, "color primaries", > (unsigned)codec->color_primaries > AVCOL_PRI_NB, > AVCOL_PRI_UNSPECIFIED) > + SANITIZE_PARAMETER(color_trc, "color transfer > characteristics ", (unsigned)codec->color_trc > AVCOL_TRC_NB, > AVCOL_TRC_UNSPECIFIED) > + SANITIZE_PARAMETER(colorspace, "color space", > (unsigned)codec->colorspace > AVCOL_SPC_NB, > AVCOL_SPC_UNSPECIFIED) > + SANITIZE_PARAMETER(chroma_sample_location, "chroma location", > (unsigned)codec->chroma_sample_location > AVCHROMA_LOC_NB, > AVCHROMA_LOC_UNSPECIFIED) > + SANITIZE_PARAMETER(has_b_frames, "video delay", > codec->has_b_frames < 0, > 0) > + SANITIZE_PARAMETER(sample_fmt, "sample format", > codec->sample_fmt < AV_SAMPLE_FMT_NONE || codec->sample_fmt > > AV_SAMPLE_FMT_NB, AV_SAMPLE_FMT_NONE)
This breaks API/ABI for example AVCOL_SPC_NB is not part of the public API of libavutil one should be able to use av_color_space_name() to detect invalid color spaces [...] -- Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB Opposition brings concord. Out of discord comes the fairest harmony. -- Heraclitus
signature.asc
Description: Digital signature
_______________________________________________ ffmpeg-devel mailing list [email protected] http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
