The structure of a ProRes frame in mov/mp4 is that of a typical atom:
First a 32 bit BE size field, then a tag detailling the content. Said
size field includes the eight bytes of the atom header.
This header is actually redundant, as the size of the atom is already
known from the containing atom. It is therefore stripped away when muxed
into Matroska and so the Matroska demuxer has to recreate upon demuxing.
But it did not account for the fact that the size field includes the
size of the header and this can lead to problems when a decoder uses the
in-band size field.
Fixes ticket #8210.
Signed-off-by: Andreas Rheinhardt <andreas.rheinha...@gmail.com>
---
libavformat/matroskadec.c | 9 +++++----
1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/libavformat/matroskadec.c b/libavformat/matroskadec.c
index 10c398856b..a5f120b54d 100644
--- a/libavformat/matroskadec.c
+++ b/libavformat/matroskadec.c
@@ -3280,15 +3280,16 @@ static int matroska_parse_prores(MatroskaTrack *track,
uint8_t *src,
int dstlen = *size;
if (AV_RB32(&src[4]) != MKBETAG('i', 'c', 'p', 'f')) {
- dst = av_malloc(dstlen + 8 + AV_INPUT_BUFFER_PADDING_SIZE);
+ dstlen += 8;
+
+ dst = av_malloc(dstlen + AV_INPUT_BUFFER_PADDING_SIZE);
if (!dst)
return AVERROR(ENOMEM);
AV_WB32(dst, dstlen);
AV_WB32(dst + 4, MKBETAG('i', 'c', 'p', 'f'));
- memcpy(dst + 8, src, dstlen);
- memset(dst + 8 + dstlen, 0, AV_INPUT_BUFFER_PADDING_SIZE);
- dstlen += 8;
+ memcpy(dst + 8, src, dstlen - 8);
+ memset(dst + dstlen, 0, AV_INPUT_BUFFER_PADDING_SIZE);
}
*pdst = dst;
--
2.21.0
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
To unsubscribe, visit link above, or email
ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
