2017-09-06 0:38 GMT+08:00 Steven Liu <l...@chinaffmpeg.org>: > COPY FROM libav Martin Storsjö <mar...@martin.st> > > If the metadata packet is corrupted, flv_read_metabody can accidentally > read past the start of the next packet. If the start of the next packet > had been flushed out of the IO buffer, we would be unable to seek to > the right position (on a nonseekable stream). > > Prefer to clearly error out instead of silently trying to read from a > desynced stream which will only be interpreted as garbage. > > Signed-off-by: Steven Liu <l...@chinaffmpeg.org> > --- > libavformat/flvdec.c | 8 +++++++- > 1 file changed, 7 insertions(+), 1 deletion(-) > > diff --git a/libavformat/flvdec.c b/libavformat/flvdec.c > index 2e70352c53..2d89bef15f 100644 > --- a/libavformat/flvdec.c > +++ b/libavformat/flvdec.c > @@ -1015,7 +1015,13 @@ retry: > "Skipping flv packet: type %d, size %d, flags %d.\n", > type, size, flags); > skip: > - avio_seek(s->pb, next, SEEK_SET); > + if (avio_seek(s->pb, next, SEEK_SET) != next) { > + // This can happen if flv_read_metabody above read past > + // next, on a non-seekable input, and the preceding data has > + // been flushed out from the IO buffer. > + av_log(s, AV_LOG_ERROR, "Unable to seek to the next > packet\n"); > + return AVERROR_INVALIDDATA; > + } > ret = FFERROR_REDO; > goto leave; > } > -- > 2.11.0 (Apple Git-81) > > > > _______________________________________________ > ffmpeg-devel mailing list > ffmpeg-devel@ffmpeg.org > http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
pushed _______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-devel