If the source file got truncated it may happen that a chunk cannot
be read because the computed file offset is beyond EOF. Currently,
aac_afh_get_chunk() aborts in this case because we assert that the
file offset is within range. Return a proper error code instead and
also change aac_get_file_info() to bail out if aac_afh_get_chunk()
returns negative.
ret = mp4_get_sample_size(c->mp4, chunk_num, &ss);
if (ret < 0)
return ret;
ret = mp4_get_sample_size(c->mp4, chunk_num, &ss);
if (ret < 0)
return ret;
- assert(ss + offset <= c->mapsize);
+ if (ss + offset > c->mapsize) /* file got truncated?! */
+ return -E_MP4_CORRUPT;
*buf = c->map + offset;
*len = ss;
return 1;
*buf = c->map + offset;
*len = ss;
return 1;
afhi->max_chunk_size = 0;
for (n = 0; n < afhi->chunks_total; n++) {
afhi->max_chunk_size = 0;
for (n = 0; n < afhi->chunks_total; n++) {
- if (aac_afh_get_chunk(n, c, &buf, &len) < 0)
- break;
+ ret = aac_afh_get_chunk(n, c, &buf, &len);
+ if (ret < 0)
+ goto out;
afhi->max_chunk_size = PARA_MAX(afhi->max_chunk_size, len);
}
milliseconds = mp4_get_duration(c->mp4);
afhi->seconds_total = milliseconds / 1000;
ms2tv(milliseconds / afhi->chunks_total, &afhi->chunk_tv);
afhi->max_chunk_size = PARA_MAX(afhi->max_chunk_size, len);
}
milliseconds = mp4_get_duration(c->mp4);
afhi->seconds_total = milliseconds / 1000;
ms2tv(milliseconds / afhi->chunks_total, &afhi->chunk_tv);
- if (aac_afh_get_chunk(0, c, &buf, &len) >= 0)
- numbytes -= buf - map;
+ if (aac_afh_get_chunk(0, c, &buf, &len) < 0)
+ goto out;
+ numbytes -= buf - map;
afhi->bitrate = 8 * numbytes / afhi->seconds_total / 1000;
aac_afh_get_taginfo(c->mp4, &afhi->tags);
ret = 1;
afhi->bitrate = 8 * numbytes / afhi->seconds_total / 1000;
aac_afh_get_taginfo(c->mp4, &afhi->tags);
ret = 1;
aac_afh_close(c);
return ret;
}
aac_afh_close(c);
return ret;
}