From d7bdab1ad78ef582ba8c96dc7b79ec9fdbeeb94f Mon Sep 17 00:00:00 2001
From: Sean McGovern
Date: Fri, 28 Jul 2017 16:17:33 -0400
Subject: [PATCH 1/3] mov: log and return early on non-positive stsd entry counts
Based on an FFmpeg patch by Michael Niedermayer
---
 libavformat/mov.c | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/libavformat/mov.c b/libavformat/mov.c
index bf68fbd46a..8ff60222ef 100644
--- a/libavformat/mov.c
+++ b/libavformat/mov.c
@@ -1875,6 +1875,11 @@ static int mov_read_stsd(MOVContext *c, AVIOContext *pb, MOVAtom atom)
 avio_rb24(pb); /* flags */
 entries = avio_rb32(pb);
+ if (entries <= 0) {
+ av_log(c->fc, AV_LOG_ERROR, "invalid STSD entries %d\n", entries);
+ return AVERROR_INVALIDDATA;
+ }
+
 if (sc->extradata) {
 av_log(c->fc, AV_LOG_ERROR, "Duplicate stsd found in this track.\n");
From 3050dabaa9a337ad077ec60bba664ad9861e1aa6 Mon Sep 17 00:00:00 2001
From: Sean McGovern
Date: Fri, 28 Jul 2017 16:29:35 -0400
Subject: [PATCH 2/3] mov: Do not set stsd_count if mov_read_stsd() fails
Based on an FFmpeg patch by Michael Niedermayer
---
 libavformat/mov.c | 25 +++++++++++++++++--------
 1 file changed, 17 insertions(+), 8 deletions(-)
diff --git a/libavformat/mov.c b/libavformat/mov.c
index 8ff60222ef..2134bd1743 100644
--- a/libavformat/mov.c
+++ b/libavformat/mov.c
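Review bot: The new guard in mov_read_stsd (patch 1/3) rejects zero and negative counts, but it still accepts any positive `entries` up to INT_MAX. As patch 2/3 shows, that value then sizes `av_mallocz_array(entries, ...)` directly from the file. Bounding the count by what the atom can hold would keep a malformed file from requesting very large allocations, e.g. `if (entries <= 0 || entries > atom.size / 8) {`, assuming each sample entry occupies at least 8 bytes (confirm against the entry parser). The function body starts and ends outside this hunk.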
@@ -1891,24 +1891,33 @@ static int mov_read_stsd(MOVContext *c, AVIOContext *pb, MOVAtom atom)
 if (!sc->extradata)
 return AVERROR(ENOMEM);
- sc->stsd_count = entries;
- sc->extradata_size = av_mallocz_array(sc->stsd_count, sizeof(*sc->extradata_size));
- if (!sc->extradata_size)
- return AVERROR(ENOMEM);
+ sc->extradata_size = av_mallocz_array(entries, sizeof(*sc->extradata_size));
+ if (!sc->extradata_size) {
+ ret = AVERROR(ENOMEM);
+ goto fail;
+ }
- ret = ff_mov_read_stsd_entries(c, pb, sc->stsd_count);
+ ret = ff_mov_read_stsd_entries(c, pb, entries);
 if (ret < 0)
- return ret;
+ goto fail;
+
+ sc->stsd_count = entries;
 /* Restore back the primary extradata. */
 av_free(st->codecpar->extradata);
 st->codecpar->extradata_size = sc->extradata_size[0];
 st->codecpar->extradata = av_mallocz(sc->extradata_size[0] + AV_INPUT_BUFFER_PADDING_SIZE);
- if (!st->codecpar->extradata)
- return AVERROR(ENOMEM);
+ if (!st->codecpar->extradata) {
+ ret = AVERROR(ENOMEM);
+ goto fail;
+ }
 memcpy(st->codecpar->extradata, sc->extradata[0], sc->extradata_size[0]);
 return 0;
+fail:
+ av_freep(&sc->extradata);
+ av_freep(&sc->extradata_size);
+ return ret;
 }
 static int mov_read_stsc(MOVContext *c, AVIOContext *pb, MOVAtom atom)
From defe307fb22beca60a632e976ab97e5edd4aee25 Mon Sep 17 00:00:00 2001
From: Sean McGovern
Date: Sat, 29 Jul 2017 19:17:16 -0400
Subject: [PATCH 3/3] mov: move stsd finalization to an appropriate place
mov_finalize_stsd_codec() parses stream information from the ALAC extradata, so run it after the extradata processing is completed in mov_read_stsd(). Fixes playback of 96kHz ALAC streams muxed by qaac or the reference alac encoder.
Adapted from an FFmpeg patch by Hendrik Leppkes
Bug-Id: 1072
---
 libavformat/mov.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/libavformat/mov.c b/libavformat/mov.c
index 2134bd1743..6711d8e11e 100644
--- a/libavformat/mov.c
+++ b/libavformat/mov.c
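Review bot: In mov_read_stsd (patch 2/3), the last `goto fail` is reached after `sc->stsd_count = entries;` has already run. An allocation failure for `st->codecpar->extradata` therefore returns an error with a non-zero `stsd_count` while `fail:` has just nulled `sc->extradata` and `sc->extradata_size`, and with `st->codecpar->extradata_size` non-zero beside a NULL buffer. That contradicts the commit subject and would be a NULL dereference in any code that walks `sc->extradata[i]` up to `stsd_count` (such code is not visible here). `fail:` also frees only the pointer array, so buffers that `ff_mov_read_stsd_entries()` may have stored in `sc->extradata[i]` before failing would leak on malformed input. The sketch below resets both counters and frees the elements; the function starts outside the hunk, so the zero-initialisation of `sc->extradata` and the ownership of its elements need confirming there.

```c
    if (!st->codecpar->extradata) {
        st->codecpar->extradata_size = 0; /* no buffer, so advertise no size */
        ret = AVERROR(ENOMEM);
        goto fail;
    }
    /* … unchanged: memcpy of the primary extradata, return 0 … */
fail:
    sc->stsd_count = 0; /* may already be set when the last allocation fails */
    if (sc->extradata) {
        int i;
        /* assumes unfilled slots are NULL; confirm sc->extradata is zero-allocated */
        for (i = 0; i < entries; i++)
            av_freep(&sc->extradata[i]);
    }
    av_freep(&sc->extradata);
    av_freep(&sc->extradata_size);
    return ret;
```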
@@ -1857,7 +1857,7 @@ int ff_mov_read_stsd_entries(MOVContext *c, AVIOContext *pb, int entries)
 if (pb->eof_reached)
 return AVERROR_EOF;
- return mov_finalize_stsd_codec(c, pb, st, sc);
+ return 0;
 }
 static int mov_read_stsd(MOVContext *c, AVIOContext *pb, MOVAtom atom)
@@ -1913,7 +1913,7 @@ static int mov_read_stsd(MOVContext *c, AVIOContext *pb, MOVAtom atom)
 }
 memcpy(st->codecpar->extradata, sc->extradata[0], sc->extradata_size[0]);
- return 0;
+ return mov_finalize_stsd_codec(c, pb, st, sc);
 fail:
 av_freep(&sc->extradata);
 av_freep(&sc->extradata_size);
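Review bot: `ff_mov_read_stsd_entries()` is declared without `static`, and after the first hunk of patch 3/3 it returns 0 without running `mov_finalize_stsd_codec()`; only `mov_read_stsd()` runs it now. Any caller of `ff_mov_read_stsd_entries()` other than `mov_read_stsd()` would silently lose codec finalization, so other call sites (none are visible here) should be checked. A comment above the function would record the new contract, e.g. `/* Does not finalize the codec parameters; the caller runs mov_finalize_stsd_codec() once extradata is in place. */`. The function body begins outside the hunk.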
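Review bot: In the second hunk of patch 3/3, `return mov_finalize_stsd_codec(c, pb, st, sc);` sits above `fail:`, so a finalization error returns without the cleanup the other error paths take. It is the only error exit that leaves `sc->stsd_count` set with `sc->extradata` and `sc->extradata_size` intact (patch 2/3 sets the count earlier in the function). Whether that is intended cannot be told from the hunk. If a failed stsd should leave the track as if none had been read, route it through the label with `ret = mov_finalize_stsd_codec(c, pb, st, sc);`, `if (ret < 0) goto fail;`, `return 0;`, and have `fail:` reset `sc->stsd_count`. Otherwise a one-line comment stating that the parsed entries are deliberately kept on finalization failure would prevent a later "fix" in the wrong direction.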