From a6912e5b88463b7b39cc3ee4f9338f57ef7ff7e6 Mon Sep 17 00:00:00 2001
From: Idan Freiberg <speidy@gmail.com>
Date: Wed, 13 Jan 2021 14:34:54 +0200
Subject: avformat/dhav: Fix incorrect non-DHAV chunk skipping logic

DAV files may contain a variable length padding in between chunks
filled with 0xff bytes. The current skipping logic is incorrect as it
may skip over DHAV chunks not appearing sequentially in the file.

We now look for the 'DHAV' tag using a byte-by-byte search in order
to handle such situations. Also the dhav->last_good_pos field will
not be updated while skipping unrecognized data.
---
 libavformat/dhav.c | 15 +++------------
 1 file changed, 3 insertions(+), 12 deletions(-)

(limited to 'libavformat')

diff --git a/libavformat/dhav.c b/libavformat/dhav.c
index 00e0d8476e..6a6c235e65 100644
--- a/libavformat/dhav.c
+++ b/libavformat/dhav.c
@@ -173,18 +173,9 @@ static int read_chunk(AVFormatContext *s)
     if (avio_feof(s->pb))
         return AVERROR_EOF;
 
-    if (avio_rl32(s->pb) != MKTAG('D','H','A','V') && dhav->last_good_pos < INT64_MAX - 0x8000) {
-        dhav->last_good_pos += 0x8000;
-        avio_seek(s->pb, dhav->last_good_pos, SEEK_SET);
-
-        while (avio_rl32(s->pb) != MKTAG('D','H','A','V')) {
-            if (avio_feof(s->pb) || dhav->last_good_pos >= INT64_MAX - 0x8000)
-                return AVERROR_EOF;
-            dhav->last_good_pos += 0x8000;
-            ret = avio_skip(s->pb, 0x8000 - 4);
-            if (ret < 0)
-                return ret;
-        }
+    while (avio_r8(s->pb) != 'D' || avio_r8(s->pb) != 'H' || avio_r8(s->pb) != 'A' || avio_r8(s->pb) != 'V') {
+        if (avio_feof(s->pb))
+            return AVERROR_EOF;
     }
 
     start = avio_tell(s->pb) - 4;
-- 
cgit v1.2.3