mp4: Don't abort on truncated files.

If the source file got truncated it may happen that a chunk cannot
be read because the computed file offset is beyond EOF. Currently,
aac_afh_get_chunk() aborts in this case because we assert that the
file offset is within range. Return a proper error code instead and
also change aac_get_file_info() to bail out if aac_afh_get_chunk()
returns negative.

diff --git a/aac_afh.c b/aac_afh.c
index 7be441ab209b5ee7ca85c371f229f0c76ece96cb..79fa30ddc2f794f5c586c28b2823c7fce26dd9b8 100644 (file)
--- a/aac_afh.c
+++ b/aac_afh.c
@@ -101,7 +101,8 @@ static int aac_afh_get_chunk(uint32_t chunk_num, void *afh_context,
        ret = mp4_get_sample_size(c->mp4, chunk_num, &ss);
        if (ret < 0)
                return ret;
-       assert(ss + offset <= c->mapsize);
+       if (ss + offset > c->mapsize) /* file got truncated?! */
+               return -E_MP4_CORRUPT;
        *buf = c->map + offset;
        *len = ss;
        return 1;
@@ -141,18 +142,21 @@ static int aac_get_file_info(char *map, size_t numbytes, __a_unused int fd,
 
        afhi->max_chunk_size = 0;
        for (n = 0; n < afhi->chunks_total; n++) {
-               if (aac_afh_get_chunk(n, c, &buf, &len) < 0)
-                       break;
+               ret = aac_afh_get_chunk(n, c, &buf, &len);
+               if (ret < 0)
+                       goto out;
                afhi->max_chunk_size = PARA_MAX(afhi->max_chunk_size, len);
        }
        milliseconds = mp4_get_duration(c->mp4);
        afhi->seconds_total = milliseconds / 1000;
        ms2tv(milliseconds / afhi->chunks_total, &afhi->chunk_tv);
-       if (aac_afh_get_chunk(0, c, &buf, &len) >= 0)
-               numbytes -= buf - map;
+       if (aac_afh_get_chunk(0, c, &buf, &len) < 0)
+               goto out;
+       numbytes -= buf - map;
        afhi->bitrate = 8 * numbytes / afhi->seconds_total / 1000;
        aac_afh_get_taginfo(c->mp4, &afhi->tags);
        ret = 1;
+out:
        aac_afh_close(c);
        return ret;
 }