Commit 5d542030 authored by Seungha Yang's avatar Seungha Yang 🐑 Committed by Sebastian Dröge

qtdemux: Ignore corrupted CTTS box

If ctts (CompositionOffsetBox) has larger sample_offset
(offset between PTS and DTS) than (2 * duration) of the stream,
assume the ctts box to be corrupted and ignore the box.
parent a03d2942
......@@ -8999,6 +8999,18 @@ qtdemux_stbl_init (GstQTDemux * qtdemux, QtDemuxStream * stream, GNode * stbl)
gst_byte_reader_skip_unchecked (&stream->ctts, 4);
offset = gst_byte_reader_get_int32_be_unchecked (&stream->ctts);
/* HACK: if sample_offset is larger than 2 * duration, ignore the box.
* slightly inaccurate PTS could be more usable than corrupted one */
if (G_UNLIKELY ((ABS (offset) / 2) > stream->duration)) {
"Ignore corrupted ctts, sample_offset %" G_GINT32_FORMAT
" larger than duration %" G_GUINT64_FORMAT,
offset, stream->duration);
stream->cslg_shift = 0;
stream->ctts_present = FALSE;
return TRUE;
if (offset < cslg_least)
cslg_least = offset;
