[libav-bugs] [Bug 1163] New: a infinite loop in mov_probe

bugzilla at libav.org bugzilla at libav.org
Wed Jul 17 03:48:56 CEST 2019


https://bugzilla.libav.org/show_bug.cgi?id=1163

            Bug ID: 1163
           Summary: a infinite loop in mov_probe
           Product: Libav
           Version: git HEAD
          Hardware: X86
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: ---
         Component: utilities
          Assignee: bugzilla at libav.org
          Reporter: intreuse at gmail.com

Created attachment 746
  --> https://bugzilla.libav.org/attachment.cgi?id=746&action=edit
infinite loop

avconv -y -i $poc /dev/null
in libav/libavformat/mov.c, if tag=='skip' and offset==0, the for loop will not
stop.
3601 static int mov_probe(AVProbeData *p)
3602 {
3603     unsigned int offset;
3604     uint32_t tag;
3605     int score = 0;
3606 
3607     /* check file header */
3608     offset = 0;
3609     for (;;) {
3610         /* ignore invalid offset */
3611         if ((offset + 8) > (unsigned int)p->buf_size)
3612             return score;
3613         tag = AV_RL32(p->buf + offset + 4);
3614         switch(tag) {
3615         /* check for obvious tags */
3616         case MKTAG('j','P',' ',' '): /* jpeg 2000 signature */
3617         case MKTAG('m','o','o','v'):
3618         case MKTAG('m','d','a','t'):
3619         case MKTAG('p','n','o','t'): /* detect movs with preview pics like
ew.mov and april.mov */
3620         case MKTAG('u','d','t','a'): /* Packet Video PVAuthor adds this
and a lot of more junk */
3621         case MKTAG('f','t','y','p'):
3622             return AVPROBE_SCORE_MAX;
3623         /* those are more common words, so rate then a bit less */
3624         case MKTAG('e','d','i','w'): /* xdcam files have reverted first
tags */
3625         case MKTAG('w','i','d','e'):
3626         case MKTAG('f','r','e','e'):
3627         case MKTAG('j','u','n','k'):
3628         case MKTAG('p','i','c','t'):
3629             return AVPROBE_SCORE_MAX - 5;
3630         case MKTAG(0x82,0x82,0x7f,0x7d):
3631         case MKTAG('s','k','i','p'):
3632         case MKTAG('u','u','i','d'):
3633         case MKTAG('p','r','f','l'):
3634             offset = AV_RB32(p->buf+offset) + offset;
3635             /* if we only find those cause probedata is too small at least
rate them */
3636             score = AVPROBE_SCORE_EXTENSION;
3637             break;
3638         default:
3639             /* unrecognized tag */
3640             return score;
3641         }
3642     }
3643 }

-- 
You are receiving this mail because:
You are watching all bug changes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.libav.org/pipermail/libav-bugs/attachments/20190717/de9bae6f/attachment.html>


More information about the libav-bugs mailing list