Message ID | 20230416222518.21308-3-michael@niedermayer.cc |
---|---|
State | New |
Series | [FFmpeg-devel,1/5] avcodec/pcm_rechunk_bsf: unref packet before putting a new one in |
Context | Check | Description |
---|---|---|
andriy/make_x86 | success | Make finished |
andriy/make_fate_x86 | success | Make fate finished |
Quoting Michael Niedermayer (2023-04-17 00:25:16) > Fixes: memleak > Fixes: 45982/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-6674082962997248 > > Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> > --- > libavformat/mov.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/libavformat/mov.c b/libavformat/mov.c > index 057fd872b10..6853bb324cf 100644 > --- a/libavformat/mov.c > +++ b/libavformat/mov.c > @@ -7777,7 +7777,7 @@ static int mov_read_iloc(MOVContext *c, AVIOContext *pb, MOVAtom atom) > return 0; > } > > - if (c->fc->nb_streams) { > + if (c->fc->nb_streams || c->avif_info) { This first condition is now redundant, is it not?
On Mon, Apr 17, 2023 at 12:36:26PM +0200, Anton Khirnov wrote: > Quoting Michael Niedermayer (2023-04-17 00:25:16) > > Fixes: memleak > > Fixes: 45982/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-6674082962997248 > > > > Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg > > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> > > --- > > libavformat/mov.c | 2 +- > > 1 file changed, 1 insertion(+), 1 deletion(-) > > > > diff --git a/libavformat/mov.c b/libavformat/mov.c > > index 057fd872b10..6853bb324cf 100644 > > --- a/libavformat/mov.c > > +++ b/libavformat/mov.c > > @@ -7777,7 +7777,7 @@ static int mov_read_iloc(MOVContext *c, AVIOContext *pb, MOVAtom atom) > > return 0; > > } > > > > - if (c->fc->nb_streams) { > > + if (c->fc->nb_streams || c->avif_info) { > > This first condition is now redundant, is it not? I am not sure what exactly happens if a trak occurs before I am also not sure what happens if multiple meta tags occur triggering the avif stream addition, I may be missing something but the code seems not to expect that Adding the author of this code to CC thx [...]
On Mon, Apr 17, 2023 at 4:18 PM Michael Niedermayer <michael@niedermayer.cc> wrote: > > On Mon, Apr 17, 2023 at 12:36:26PM +0200, Anton Khirnov wrote: > > Quoting Michael Niedermayer (2023-04-17 00:25:16) > > > Fixes: memleak > > > Fixes: 45982/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-6674082962997248 > > > > > > Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg > > > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> > > > --- > > > libavformat/mov.c | 2 +- > > > 1 file changed, 1 insertion(+), 1 deletion(-) > > > > > > diff --git a/libavformat/mov.c b/libavformat/mov.c > > > index 057fd872b10..6853bb324cf 100644 > > > --- a/libavformat/mov.c > > > +++ b/libavformat/mov.c > > > @@ -7777,7 +7777,7 @@ static int mov_read_iloc(MOVContext *c, AVIOContext *pb, MOVAtom atom) > > > return 0; > > > } > > > > > > - if (c->fc->nb_streams) { > > > + if (c->fc->nb_streams || c->avif_info) { > > > > This first condition is now redundant, is it not? > > I am not sure I think the second condition alone should be enough here. Either way, lgtm (if the current patch is clearer for readers). > what exactly happens if a trak occurs before > If a trak occurs before, then the condition in the line above should take care of that case (!c->is_still_picture_avif). Because if a trak was found, it will not be considered a still picture. > I am also not sure what happens if multiple meta tags occur triggering > the avif stream addition, I may be missing something but the code seems > not to expect that > Multiple meta tags are not allowed in the AVIF/HEIF specification. > Adding the author of this code to CC > > thx > > [...] > > -- > Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB > > In a rich man's house there is no place to spit but his face. > -- Diogenes of Sinope -- Vignesh
On Tue, Apr 25, 2023 at 03:22:50PM -0700, Vignesh Venkatasubramanian wrote: > On Mon, Apr 17, 2023 at 4:18 PM Michael Niedermayer > <michael@niedermayer.cc> wrote: > > > > On Mon, Apr 17, 2023 at 12:36:26PM +0200, Anton Khirnov wrote: > > > Quoting Michael Niedermayer (2023-04-17 00:25:16) > > > > Fixes: memleak > > > > Fixes: 45982/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-6674082962997248 > > > > > > > > Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg > > > > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> > > > > --- > > > > libavformat/mov.c | 2 +- > > > > 1 file changed, 1 insertion(+), 1 deletion(-) > > > > > > > > diff --git a/libavformat/mov.c b/libavformat/mov.c > > > > index 057fd872b10..6853bb324cf 100644 > > > > --- a/libavformat/mov.c > > > > +++ b/libavformat/mov.c > > > > @@ -7777,7 +7777,7 @@ static int mov_read_iloc(MOVContext *c, AVIOContext *pb, MOVAtom atom) > > > > return 0; > > > > } > > > > > > > > - if (c->fc->nb_streams) { > > > > + if (c->fc->nb_streams || c->avif_info) { > > > > > > This first condition is now redundant, is it not? > > > > I am not sure > > I think the second condition alone should be enough here. Either way, > lgtm (if the current patch is clearer for readers). I'll apply with the first condition converted to an assert then > > > what exactly happens if a trak occurs before > > > > If a trak occurs before, then the condition in the line above should > take care of that case (!c->is_still_picture_avif). Because if a trak > was found, it will not be considered a still picture. > > > I am also not sure what happens if multiple meta tags occur triggering > > the avif stream addition, I may be missing something but the code seems > > not to expect that > > > > Multiple meta tags are not allowed in the AVIF/HEIF specification. sure but what happens if they occur anyway, does the code handle that with no undefined behavior? thx [...]
On Fri, Sep 29, 2023 at 12:21 PM Michael Niedermayer <michael@niedermayer.cc> wrote: > > On Tue, Apr 25, 2023 at 03:22:50PM -0700, Vignesh Venkatasubramanian wrote: > > On Mon, Apr 17, 2023 at 4:18 PM Michael Niedermayer > > <michael@niedermayer.cc> wrote: > > > > > > On Mon, Apr 17, 2023 at 12:36:26PM +0200, Anton Khirnov wrote: > > > > Quoting Michael Niedermayer (2023-04-17 00:25:16) > > > > > Fixes: memleak > > > > > Fixes: 45982/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-6674082962997248 > > > > > > > > > > Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg > > > > > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> > > > > > --- > > > > > libavformat/mov.c | 2 +- > > > > > 1 file changed, 1 insertion(+), 1 deletion(-) > > > > > > > > > > diff --git a/libavformat/mov.c b/libavformat/mov.c > > > > > index 057fd872b10..6853bb324cf 100644 > > > > > --- a/libavformat/mov.c > > > > > +++ b/libavformat/mov.c 
> > > > > @@ -7777,7 +7777,7 @@ static int mov_read_iloc(MOVContext *c, AVIOContext *pb, MOVAtom atom) > > > > > return 0; > > > > > } > > > > > > > > > > - if (c->fc->nb_streams) { > > > > > + if (c->fc->nb_streams || c->avif_info) { > > > > > > > > This first condition is now redundant, is it not? > > > > > > I am not sure > > > > I think the second condition alone should be enough here. Either way, > > lgtm (if the current patch is clearer for readers). > > I'll apply with the first condition converted to an assert then > > sounds good. > > > > > what exactly happens if a trak occurs before > > > > > > > If a trak occurs before, then the condition in the line above should > > take care of that case (!c->is_still_picture_avif). Because if a trak > > was found, it will not be considered a still picture. > > > > > I am also not sure what happens if multiple meta tags occur triggering > > > the avif stream addition, I may be missing something but the code seems > > > not to expect that > > > > > > > Multiple meta tags are not allowed in the AVIF/HEIF specification. > > sure but what happens if they occur anyway, does the code handle that > with no undefined behavior? > yeah, the current code will treat each meta tag as a separate track (AVStream). This should be disallowed, I will send a patch to error out if more than one top-level meta box is seen. > thx > > [...] > -- > Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB > > I have often repented speaking, but never of holding my tongue. > -- Xenocrates > _______________________________________________ > ffmpeg-devel mailing list > ffmpeg-devel@ffmpeg.org > https://ffmpeg.org/mailman/listinfo/ffmpeg-devel > > To unsubscribe, visit link above, or email > ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".
On Tue, Oct 3, 2023 at 3:56 PM Vignesh Venkat <vigneshv@google.com> wrote: > > On Fri, Sep 29, 2023 at 12:21 PM Michael Niedermayer > <michael@niedermayer.cc> wrote: > > > > On Tue, Apr 25, 2023 at 03:22:50PM -0700, Vignesh Venkatasubramanian wrote: > > > On Mon, Apr 17, 2023 at 4:18 PM Michael Niedermayer > > > <michael@niedermayer.cc> wrote: > > > > > > > > On Mon, Apr 17, 2023 at 12:36:26PM +0200, Anton Khirnov wrote: > > > > > Quoting Michael Niedermayer (2023-04-17 00:25:16) > > > > > > Fixes: memleak > > > > > > Fixes: 45982/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-6674082962997248 > > > > > > > > > > > > Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg > > > > > > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> > > > > > > --- > > > > > > libavformat/mov.c | 2 +- > > > > > > 1 file changed, 1 insertion(+), 1 deletion(-) > > > > > > > > > > > > diff --git a/libavformat/mov.c b/libavformat/mov.c > > > > > > index 057fd872b10..6853bb324cf 100644 > > > > > > --- a/libavformat/mov.c > > > > > > +++ b/libavformat/mov.c 
> > > > > > @@ -7777,7 +7777,7 @@ static int mov_read_iloc(MOVContext *c, AVIOContext *pb, MOVAtom atom) > > > > > > return 0; > > > > > > } > > > > > > > > > > > > - if (c->fc->nb_streams) { > > > > > > + if (c->fc->nb_streams || c->avif_info) { > > > > > > > > > > This first condition is now redundant, is it not? > > > > > > > > I am not sure > > > > > > I think the second condition alone should be enough here. Either way, > > > lgtm (if the current patch is clearer for readers). > > > > I'll apply with the first condition converted to an assert then > > > > > > sounds good. > > > > > > > > what exactly happens if a trak occurs before > > > > > > > > > > If a trak occurs before, then the condition in the line above should > > > take care of that case (!c->is_still_picture_avif). Because if a trak > > > was found, it will not be considered a still picture. > > > > > > > I am also not sure what happens if multiple meta tags occur triggering > > > > the avif stream addition, I may be missing something but the code seems > > > > not to expect that > > > > > > > > > > Multiple meta tags are not allowed in the AVIF/HEIF specification. > > > > sure but what happens if they occur anyway, does the code handle that > > with no undefined behavior? > > > > yeah, the current code will treat each meta tag as a separate track > (AVStream). This should be disallowed, I will send a patch to error > out if more than one top-level meta box is seen. > The patch for disallowing multiple meta boxes is here: https://patchwork.ffmpeg.org/project/ffmpeg/patch/20231003230423.951161-1-vigneshv@google.com/ > > thx > > > > [...] > -- > Vignesh
diff --git a/libavformat/mov.c b/libavformat/mov.c index 057fd872b10..6853bb324cf 100644 --- a/libavformat/mov.c +++ b/libavformat/mov.c @@ -7777,7 +7777,7 @@ static int mov_read_iloc(MOVContext *c, AVIOContext *pb, MOVAtom atom) return 0; } - if (c->fc->nb_streams) { + if (c->fc->nb_streams || c->avif_info) { av_log(c->fc, AV_LOG_INFO, "Duplicate iloc box found\n"); return 0; }
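Review bot: the new `|| c->avif_info` test in the changed `if` of mov_read_iloc is not explained anywhere. The commit message says only "Fixes: memleak", and nothing in the hunk shows how `c->fc->nb_streams` can still be zero when a second iloc box arrives. Add a sentence to the commit message, or a one-line comment above the check, naming the allocation that was leaked and why `c->avif_info` is the right marker for "iloc already parsed". If a non-NULL `c->avif_info` is implied whenever a stream exists on this path, drop the `c->fc->nb_streams` half or turn it into an assert so readers do not assume two independent cases. The duplicate box is also accepted with AV_LOG_INFO and `return 0`; for a box that is expected once, AV_LOG_WARNING would make malformed input easier to spot in logs.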
Fixes: memleak
Fixes: 45982/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-6674082962997248

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

---
libavformat/mov.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)