Wireshark-bugs: [Wireshark-bugs] [Bug 6908] New: wiretap mpeg2 ts: more thorough check for sync

Date: Sun, 4 Mar 2012 08:50:55 -0800 (PST)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6908

           Summary: wiretap mpeg2 ts: more thorough check for sync byte
           Product: Wireshark
           Version: SVN
          Platform: x86
        OS/Version: All
            Status: NEW
          Severity: Normal
          Priority: Low
         Component: Wireshark
        AssignedTo: bugzilla-admin@xxxxxxxxxxxxx
        ReportedBy: wireshark@xxxxxxxxx


Build Information:
TShark 1.7.1 (SVN Rev 41332 from /trunk)

Copyright 1998-2012 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with GLib 2.24.2, with libpcap, without libz, without POSIX
capabilities, without SMI, without c-ares, without ADNS, without Lua, without
Python, without GnuTLS, with Gcrypt 1.4.5, without Kerberos, without GeoIP.

Running on Linux 2.6.39-bpo.2-amd64, with locale en_US.UTF-8, with libpcap
version 1.1.1.

Built using gcc 4.4.5.

--

Dear all,

I'd like to propose stricter checking in the mp2t routine that determines if
a file is actually an mpeg2 transport stream. At the moment, we read 188 bytes,
and if we find a 0x47 somewhere, we conclude that we have a ts.

(I have my private file format plugin for my DVB-CI hardware's raw data. This
plugin registers after all standard file types. Since the mp2t has been in, all
my files are recognized as mp2t because they normally have a 0x47 byte near the
start.)

My interpretation of the mpeg spec is different: The 0x47 _must_ appear at the
start of each 188 byte packet, additional 0x47 bytes _may_ appear anywhere.

Therefore, I propose that we read 10 packets and check that they all start with
0x47. If the file has fewer than 10 packets, we're ok if each one starts with a
0x47 byte.

I'll attach some files for testing things. 
fake.ts -> random data containing a 0x47, no valid ts
8packetsOk.ts -> valid ts, 8 packets
20packetsOk.ts -> valid ts, 20 packets
8.xxPackets.ts -> valid ts, 8 packets + part of a 9th packet



I'll try to put Weston Schmidt, who submitted the mp2t, in Cc.

Thanks for review and merging.

   Martiin
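
The stricter sync check proposed in the report above, sketched in C next to the looser behaviour it describes. This is an added example, not Wireshark's wiretap code and not the reporter's patch; the function names, the sample builder, the requirement of at least one complete packet and the first-byte test on a trailing partial packet are assumptions.

```c
#include <stdio.h>
#include <stdint.h>
#include <string.h>

#define TS_PACKET_LEN       188   /* packet size given in the report */
#define TS_SYNC_BYTE        0x47
#define TS_PACKETS_TO_CHECK 10    /* number of packets the report proposes to read */

/* Behaviour the report describes as current: any 0x47 in the first 188 bytes. */
int mp2t_loose_match(const uint8_t *buf, size_t len)
{
    size_t n = len < TS_PACKET_LEN ? len : TS_PACKET_LEN;
    return n > 0 && memchr(buf, TS_SYNC_BYTE, n) != NULL;
}

/* Proposed check: every one of the first 10 packets starts with 0x47.
 * Assumed here: one complete packet is required; a partial tail is judged by its first byte. */
int mp2t_strict_match(const uint8_t *buf, size_t len)
{
    size_t off, checked = 0;
    if (len < TS_PACKET_LEN)
        return 0;
    for (off = 0; off < len && checked < TS_PACKETS_TO_CHECK; off += TS_PACKET_LEN, checked++)
        if (buf[off] != TS_SYNC_BYTE)
            return 0;
    return 1;
}

/* Constructed sample data: valid=1 puts 0x47 at every packet start,
 * valid=0 leaves a single stray 0x47 at offset 5 (not a packet boundary). */
size_t make_sample(uint8_t *out, size_t npackets, size_t extra, int valid)
{
    size_t off, total = npackets * TS_PACKET_LEN + extra;
    memset(out, 0xFF, total);
    if (!valid)
        out[5] = TS_SYNC_BYTE;
    for (off = 0; valid && off < total; off += TS_PACKET_LEN)
        out[off] = TS_SYNC_BYTE;
    return total;
}

uint8_t sample[21 * TS_PACKET_LEN];   /* scratch buffer for the constructed samples */

int main(void)
{
    size_t n = make_sample(sample, 8, 0, 0);   /* shaped like fake.ts */
    printf("fake: loose=%d strict=%d\n", mp2t_loose_match(sample, n), mp2t_strict_match(sample, n));
    n = make_sample(sample, 8, 100, 1);        /* shaped like 8.xxPackets.ts */
    printf("8.xx: loose=%d strict=%d\n", mp2t_loose_match(sample, n), mp2t_strict_match(sample, n));
    return 0;
}
```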
