COPY FROM libav Martin Storsjö <[email protected]> If the metadata packet is corrupted, flv_read_metabody can accidentally read past the start of the next packet. If the start of the next packet had been flushed out of the IO buffer, we would be unable to seek to the right position (on a nonseekable stream).
Prefer to clearly error out instead of silently trying to read from a desynced stream which will only be interpreted as garbage. Signed-off-by: Steven Liu <[email protected]> --- libavformat/flvdec.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/libavformat/flvdec.c b/libavformat/flvdec.c index 2e70352c53..2d89bef15f 100644 --- a/libavformat/flvdec.c +++ b/libavformat/flvdec.c @@ -1015,7 +1015,13 @@ retry: "Skipping flv packet: type %d, size %d, flags %d.\n", type, size, flags); skip: - avio_seek(s->pb, next, SEEK_SET); + if (avio_seek(s->pb, next, SEEK_SET) != next) { + // This can happen if flv_read_metabody above read past + // next, on a non-seekable input, and the preceding data has + // been flushed out from the IO buffer. + av_log(s, AV_LOG_ERROR, "Unable to seek to the next packet\n"); + return AVERROR_INVALIDDATA; + } ret = FFERROR_REDO; goto leave; } -- 2.11.0 (Apple Git-81) _______________________________________________ ffmpeg-devel mailing list [email protected] http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
