Fixes: out of array access
Fixes: stack-buffer-overflow-READ-0x0831fff1
Found-by: GalyCannon <galycannon@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: use of uninitialized variables
Fixes: blank.aa
Found-by: Chamal De Silva <chamal.desilva@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
MP3 frames may not be aligned to aa chunk boundaries. When seeking,
calculate the expected frame offset in the target chunk. Adjust the
timestamp and truncate the next packet accordingly.
This solution works for the majority of tested audio material. For
some rare encodings with mp3 padding or embedded id3 tags, it will
mispredict the correct offset, and at worst skip an extra frame.
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
read_packet reads content in chunks. Thus seek must be clamped to valid
chunk positions in the file, which in turn are relative to chapter start
positions.
So in read_header, scan for chapter headers once by skipping through the
content. Set stream time_base based on bitrate in bytes/s, for easy
timestamp to position conversion.
Then in read_seek, find the chapter containing the seek position, calculate
the nearest chunk position, and reinit the read_seek state accordingly.
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Remember the end position of audio content in the file and check it during
read_packet. There always seems to be other data beyond it, which could be
misinterpreted as more audio. Also add some extra avio_read error checks,
to bail early in case of a broken/truncated file.
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This demuxer was broken on a large number of platforms due to usage of wrong
format specifier in sscanf. This patch fixes the problem, and also adds some
debug logging to reduce future debugging pain.