]> git.sesse.net Git - ffmpeg/blobdiff - libavformat/ffmdec.c
projects / ffmpeg / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Merge commit '64c81b2cd0dcf1fe66c381a5d2c707dddcf35a7e'
[ffmpeg] / libavformat / ffmdec.c
diff --git a/libavformat/ffmdec.c b/libavformat/ffmdec.c
index 96527a3aa5f727b199cae450d071c3ed4da3397a..33bbde04b0605a05448f0abec39d34a82f6d16be 100644 (file)
--- a/libavformat/ffmdec.c
+++ b/libavformat/ffmdec.c
@@ -82,6 +82,7 @@ static int ffm_read_data(AVFormatContext *s,
     FFMContext *ffm = s->priv_data;
     AVIOContext *pb = s->pb;
     int len, fill_size, size1, frame_offset, id;
+    int64_t last_pos = -1;
 
     size1 = size;
     while (size > 0) {
@@ -101,9 +102,11 @@ static int ffm_read_data(AVFormatContext *s,
                 avio_seek(pb, tell, SEEK_SET);
             }
             id = avio_rb16(pb); /* PACKET_ID */
-            if (id != PACKET_ID)
+            if (id != PACKET_ID) {
                 if (ffm_resync(s, id) < 0)
                     return -1;
+                last_pos = avio_tell(pb);
+            }
             fill_size = avio_rb16(pb);
             ffm->dts = avio_rb64(pb);
             frame_offset = avio_rb16(pb);
@@ -117,7 +120,9 @@ static int ffm_read_data(AVFormatContext *s,
                 if (!frame_offset) {
                     /* This packet has no frame headers in it */
                     if (avio_tell(pb) >= ffm->packet_size * 3LL) {
-                        avio_seek(pb, -ffm->packet_size * 2LL, SEEK_CUR);
+                        int64_t seekback = FFMIN(ffm->packet_size * 2LL, avio_tell(pb) - last_pos);
+                        seekback = FFMAX(seekback, 0);
+                        avio_seek(pb, -seekback, SEEK_CUR);
                         goto retry_read;
                     }
                     /* This is bad, we cannot find a valid frame header */
@@ -331,6 +336,12 @@ static int ffm2_read_header(AVFormatContext *s)
             }
             codec->time_base.num = avio_rb32(pb);
             codec->time_base.den = avio_rb32(pb);
+            if (codec->time_base.num <= 0 || codec->time_base.den <= 0) {
+                av_log(s, AV_LOG_ERROR, "Invalid time base %d/%d\n",
+                       codec->time_base.num, codec->time_base.den);
+                ret = AVERROR_INVALIDDATA;
+                goto fail;
+            }
             codec->width = avio_rb16(pb);
             codec->height = avio_rb16(pb);
             codec->gop_size = avio_rb16(pb);
@@ -503,6 +514,11 @@ static int ffm_read_header(AVFormatContext *s)
         case AVMEDIA_TYPE_VIDEO:
             codec->time_base.num = avio_rb32(pb);
             codec->time_base.den = avio_rb32(pb);
+            if (codec->time_base.num <= 0 || codec->time_base.den <= 0) {
+                av_log(s, AV_LOG_ERROR, "Invalid time base %d/%d\n",
+                       codec->time_base.num, codec->time_base.den);
+                goto fail;
+            }
             codec->width = avio_rb16(pb);
             codec->height = avio_rb16(pb);
             codec->gop_size = avio_rb16(pb);
Unnamed repository; edit this file 'description' to name the repository.