The reader ignores the size of the ASF data object and keeps on

reading even beyond it.
Therefore if the ASF file includes an index object at its end, the
reader will treat the index like data, but of course will fail since
it thinks that the data is corrupted.
When reading an asf file with an index object, ffmpeg will
complain at the end of the file that it read an invalid header.
Patch by Kohn Emil Dan, < emild A cs P technion P ac P il >
Original thead:
Date: Apr 18, 2006 4:11 PM
Subject: [Ffmpeg-devel] Two ASF related bugs and fixes

Originally committed as revision 5857 to svn://svn.ffmpeg.org/ffmpeg/trunk
pull/126/head
Kohn Emil Dan 19 years ago committed by Guillaume Poirier
parent ea3a790e0d
commit b6eaae39b4
  1. 9
      libavformat/asf.c
  2. 6
      libavformat/asf.h

@ -327,6 +327,12 @@ static int asf_read_header(AVFormatContext *s, AVFormatParameters *ap)
pos2 = url_ftell(pb); pos2 = url_ftell(pb);
url_fskip(pb, gsize - (pos2 - pos1 + 24)); url_fskip(pb, gsize - (pos2 - pos1 + 24));
} else if (!memcmp(&g, &data_header, sizeof(GUID))) { } else if (!memcmp(&g, &data_header, sizeof(GUID))) {
asf->data_object_offset = url_ftell(pb);
if (gsize != (uint64_t)-1 && gsize >= 24) {
asf->data_object_size = gsize - 24;
} else {
asf->data_object_size = (uint64_t)-1;
}
break; break;
} else if (!memcmp(&g, &comment_header, sizeof(GUID))) { } else if (!memcmp(&g, &comment_header, sizeof(GUID))) {
int len1, len2, len3, len4, len5; int len1, len2, len3, len4, len5;
@ -552,6 +558,9 @@ static int asf_read_packet(AVFormatContext *s, AVPacket *pkt)
/* fail safe */ /* fail safe */
url_fskip(pb, ret); url_fskip(pb, ret);
asf->packet_pos= url_ftell(&s->pb); asf->packet_pos= url_ftell(&s->pb);
if (asf->data_object_size != (uint64_t)-1 &&
(asf->packet_pos - asf->data_object_offset >= asf->data_object_size))
return AVERROR_IO; /* Do not exceed the size of the data object */
ret = asf_get_packet(s); ret = asf_get_packet(s);
//printf("READ ASF PACKET %d r:%d c:%d\n", ret, asf->packet_size_left, pc++); //printf("READ ASF PACKET %d r:%d c:%d\n", ret, asf->packet_size_left, pc++);
if (ret < 0 || url_feof(pb)) if (ret < 0 || url_feof(pb))

@ -32,7 +32,7 @@ typedef struct {
int ds_data_size; int ds_data_size;
int ds_silence_data; int ds_silence_data;
int packet_pos; int64_t packet_pos;
} ASFStream; } ASFStream;
@ -98,6 +98,8 @@ typedef struct {
ByteIOContext pb; ByteIOContext pb;
/* only for reading */ /* only for reading */
uint64_t data_offset; /* begining of the first data packet */ uint64_t data_offset; /* begining of the first data packet */
uint64_t data_object_offset; /* data object offset (excl. GUID & size)*/
uint64_t data_object_size; /* size of the data object */
ASFMainHeader hdr; ASFMainHeader hdr;
@ -117,7 +119,7 @@ typedef struct {
int packet_obj_size; int packet_obj_size;
int packet_time_delta; int packet_time_delta;
int packet_time_start; int packet_time_start;
int packet_pos; int64_t packet_pos;
int stream_index; int stream_index;

Loading…
Cancel
Save