From patchwork Wed Nov  7 13:34:43 2018
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: =?utf-8?q?Fran=C3=A7ois_Revol?= <revol@free.fr>
X-Patchwork-Id: 10951
Return-Path: <ffmpeg-devel-bounces@ffmpeg.org>
X-Original-To: patchwork@ffaux-bg.ffmpeg.org
Delivered-To: patchwork@ffaux-bg.ffmpeg.org
Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org [79.124.17.100])
	by ffaux.localdomain (Postfix) with ESMTP id 9072044DFEE
	for <patchwork@ffaux-bg.ffmpeg.org>;
	Wed,  7 Nov 2018 15:51:44 +0200 (EET)
Received: from [127.0.1.1] (localhost [127.0.0.1])
	by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id F0F8B68A6AF;
	Wed,  7 Nov 2018 15:51:15 +0200 (EET)
X-Original-To: ffmpeg-devel@ffmpeg.org
Delivered-To: ffmpeg-devel@ffmpeg.org
Received: from smtpfb2-g21.free.fr (smtpfb2-g21.free.fr [212.27.42.10])
	by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id 78C8E68A277
	for <ffmpeg-devel@ffmpeg.org>; Wed,  7 Nov 2018 15:51:08 +0200 (EET)
Received: from smtp5-g21.free.fr (smtp5-g21.free.fr [212.27.42.5])
	by smtpfb2-g21.free.fr (Postfix) with ESMTP id F37F09B9D6
	for <ffmpeg-devel@ffmpeg.org>; Wed,  7 Nov 2018 14:35:05 +0100 (CET)
Received: from me.mmu (unknown [IPv6:2a01:e35:2f46:f520:f2de:f1ff:fe47:4134])
	by smtp5-g21.free.fr (Postfix) with ESMTP id CCD7E5FFD8;
	Wed,  7 Nov 2018 14:34:58 +0100 (CET)
From: =?UTF-8?q?Fran=C3=A7ois=20Revol?= <revol@free.fr>
To: ffmpeg-devel@ffmpeg.org
Date: Wed,  7 Nov 2018 14:34:43 +0100
Message-Id: <20181107133443.4978-1-revol@free.fr>
X-Mailer: git-send-email 2.19.1
MIME-Version: 1.0
Subject: [FFmpeg-devel] [PATCH] libavformat/ffmetadec: use dynamic
	allocation for line buffer
X-BeenThere: ffmpeg-devel@ffmpeg.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: FFmpeg development discussions and patches <ffmpeg-devel.ffmpeg.org>
List-Unsubscribe: <http://ffmpeg.org/mailman/options/ffmpeg-devel>,
	<mailto:ffmpeg-devel-request@ffmpeg.org?subject=unsubscribe>
List-Archive: <http://ffmpeg.org/pipermail/ffmpeg-devel/>
List-Post: <mailto:ffmpeg-devel@ffmpeg.org>
List-Help: <mailto:ffmpeg-devel-request@ffmpeg.org?subject=help>
List-Subscribe: <http://ffmpeg.org/mailman/listinfo/ffmpeg-devel>,
	<mailto:ffmpeg-devel-request@ffmpeg.org?subject=subscribe>
Reply-To: FFmpeg development discussions and patches
	<ffmpeg-devel@ffmpeg.org>
Cc: =?UTF-8?q?Fran=C3=A7ois=20Revol?= <revol@free.fr>
Errors-To: ffmpeg-devel-bounces@ffmpeg.org
Sender: "ffmpeg-devel" <ffmpeg-devel-bounces@ffmpeg.org>

When adding thumbnails to OGG files, the line can easily go up to 100kB.

We thus try to allocate the file size or SIZE_MAX to avoid truncation.
---
 libavformat/ffmetadec.c | 21 +++++++++++++++++----
 1 file changed, 17 insertions(+), 4 deletions(-)

diff --git a/libavformat/ffmetadec.c b/libavformat/ffmetadec.c
index 3290b3b7bc..ccbff51c03 100644
--- a/libavformat/ffmetadec.c
+++ b/libavformat/ffmetadec.c
@@ -128,16 +128,26 @@ static int read_tag(const uint8_t *line, AVDictionary **m)
 static int read_header(AVFormatContext *s)
 {
     AVDictionary **m = &s->metadata;
-    uint8_t line[1024];
+    int64_t line_size = avio_size(s->pb);
+    uint8_t *line;
+
+    if (line_size < 1 || line_size > SIZE_MAX)
+       line_size = SIZE_MAX;
+
+    line = av_malloc(line_size);
+    if (!line)
+        return AVERROR(ENOMEM);
 
     while(!avio_feof(s->pb)) {
-        get_line(s->pb, line, sizeof(line));
+        get_line(s->pb, line, line_size);
 
         if (!memcmp(line, ID_STREAM, strlen(ID_STREAM))) {
             AVStream *st = avformat_new_stream(s, NULL);
 
-            if (!st)
+            if (!st) {
+                av_free(line);
                 return AVERROR(ENOMEM);
+            }
 
             st->codecpar->codec_type = AVMEDIA_TYPE_DATA;
             st->codecpar->codec_id   = AV_CODEC_ID_FFMETADATA;
@@ -146,8 +156,10 @@ static int read_header(AVFormatContext *s)
         } else if (!memcmp(line, ID_CHAPTER, strlen(ID_CHAPTER))) {
             AVChapter *ch = read_chapter(s);
 
-            if (!ch)
+            if (!ch) {
+                av_free(line);
                 return AVERROR(ENOMEM);
+            }
 
             m = &ch->metadata;
         } else
@@ -160,6 +172,7 @@ static int read_header(AVFormatContext *s)
                                    s->chapters[s->nb_chapters - 1]->time_base,
                                    AV_TIME_BASE_Q);
 
+    av_free(line);
     return 0;
 }