Message ID | dc565e94-98ef-a505-430f-e41802cd3e19@gyani.pro |
---|---|
State | Accepted |
Headers | show |
On 7/20/19, Gyan <ffmpeg@gyani.pro> wrote: > > Affected files can now be demuxed. Verified with John Stebbins. FATE > passes. > > Gyan > You removed negative check, so not ok.
On 21-07-2019 02:21 PM, Paul B Mahol wrote: > On 7/20/19, Gyan <ffmpeg@gyani.pro> wrote: >> Affected files can now be demuxed. Verified with John Stebbins. FATE >> passes. >> >> Gyan >> > You removed negative check, so not ok. entries is unsigned (in the code as well as in the standard). So the value read from file will be >= 0. Even after adjustment for index size overflow, it cannot become negative. Gyan
On 7/21/19, Gyan <ffmpeg@gyani.pro> wrote: > > > On 21-07-2019 02:21 PM, Paul B Mahol wrote: >> On 7/20/19, Gyan <ffmpeg@gyani.pro> wrote: >>> Affected files can now be demuxed. Verified with John Stebbins. FATE >>> passes. >>> >>> Gyan >>> >> You removed negative check, so not ok. > > entries is unsigned (in the code as well as in the standard). So the > value read from file will be >= 0. Even after adjustment for index size > overflow, it cannot become negative. OK then > > Gyan > _______________________________________________ > ffmpeg-devel mailing list > ffmpeg-devel@ffmpeg.org > https://ffmpeg.org/mailman/listinfo/ffmpeg-devel > > To unsubscribe, visit link above, or email > ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".
On 22-07-2019 12:50 PM, Paul B Mahol wrote: > On 7/21/19, Gyan <ffmpeg@gyani.pro> wrote: >> >> On 21-07-2019 02:21 PM, Paul B Mahol wrote: >>> On 7/20/19, Gyan <ffmpeg@gyani.pro> wrote: >>>> Affected files can now be demuxed. Verified with John Stebbins. FATE >>>> passes. >>>> >>>> Gyan >>>> >>> You removed negative check, so not ok. >> entries is unsigned (in the code as well as in the standard). So the >> value read from file will be >= 0. Even after adjustment for index size >> overflow, it cannot become negative. > OK then Pushed as d51d71c1e3a6a225a5bc8f35963b50331e479b1a after moving check to after overflow check. Thanks, Gyan
diff --git a/libavformat/mov.c b/libavformat/mov.c index 327a25bbdf..ea26d78d91 100644 --- a/libavformat/mov.c +++ b/libavformat/mov.c @@ -4776,13 +4776,14 @@ static int mov_read_trun(MOVContext *c, AVIOContext *pb, MOVAtom atom) distance = 0; av_log(c->fc, AV_LOG_TRACE, "first sample flags 0x%x\n", first_sample_flags); + if (entries == 0) + return 0; + // realloc space for new index entries if((uint64_t)st->nb_index_entries + entries >= UINT_MAX / sizeof(AVIndexEntry)) { entries = UINT_MAX / sizeof(AVIndexEntry) - st->nb_index_entries; av_log(c->fc, AV_LOG_ERROR, "Failed to add index entry\n"); } - if (entries <= 0) - return -1; requested_size = (st->nb_index_entries + entries) * sizeof(AVIndexEntry); new_entries = av_fast_realloc(st->index_entries,
Affected files can now be demuxed. Verified with John Stebbins. FATE passes. Gyan From 48175cd745f8abd0546487907c4596550e3c73bf Mon Sep 17 00:00:00 2001 From: Gyan Doshi <ffmpeg@gyani.pro> Date: Sat, 20 Jul 2019 23:44:14 +0530 Subject: [PATCH] avformat/mov: fix return code for trun box with no sample entries A value of zero for sample_count in trun box is not prohibited by 14496-12 section 8.8.8. 4a9d32baca disallowed this which led the demuxer to error out when reading the header of valid files. --- libavformat/mov.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-)