From patchwork Thu May 16 22:29:54 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andreas Rheinhardt X-Patchwork-Id: 13173 Return-Path: X-Original-To: patchwork@ffaux-bg.ffmpeg.org Delivered-To: patchwork@ffaux-bg.ffmpeg.org Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org [79.124.17.100]) by ffaux.localdomain (Postfix) with ESMTP id 85FB9449B3C for ; Fri, 17 May 2019 01:51:04 +0300 (EEST) Received: from [127.0.1.1] (localhost [127.0.0.1]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id 7011B689D15; Fri, 17 May 2019 01:51:04 +0300 (EEST) X-Original-To: ffmpeg-devel@ffmpeg.org Delivered-To: ffmpeg-devel@ffmpeg.org Received: from mail-wm1-f66.google.com (mail-wm1-f66.google.com [209.85.128.66]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id E9D8668999B for ; Fri, 17 May 2019 01:50:58 +0300 (EEST) Received: by mail-wm1-f66.google.com with SMTP id q15so4979480wmj.0 for ; Thu, 16 May 2019 15:50:58 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=VJLiTo6dzAwgVvy6qbzRZzh4Gs7gHTXhfAY/SNoHjgU=; b=KxCam6AGksXbqtgfpzPV3r/1q9KS2M2ZmiAzRZjVeC+b/wIvAQG7S4F6zeizEmWpa5 WA4FcIRyyra/p0AG2LKIKlkxly5EwiyYIXdOao6wKjrmpgL++XgrVDx9tB4q11lr7Moi a/5DfgApq52dFTJ+RjkKcoyuUIK21v5gFekUvtS3xE2P9YJie2GlM2M1HjpR1dqTp01s ajkaQ0U5ye0ohFsjLLIDiioHKOfSXQAVVI8qtorHniGW+gPPI3YM2hTEb5DouscLY7Mm PPyEDNs+qsHX58eTS3Y+0qabRB+CR+JEked4BtBcm+U0w4DFZCCaWCW9RkGX8iFmZQXk k1/w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=VJLiTo6dzAwgVvy6qbzRZzh4Gs7gHTXhfAY/SNoHjgU=; b=hsxwl8AfrdN98T95WvbcwtbpF61+8ASf4JhfqX+vAt3CQJOCS2DtK3b2+wcIcG8lFC Ala9iNCxKalSyekZC0D37Ki2fyGzw7VyBCLjobQQZAO97KTlNGqI4czA1l/wohCiXhC5 gcLQ/vp0X++6LUDt5Bn5rSC8YYmBG+HZIXoI0LixpKXGRE8aIkmVOINvayyqLeudv9oD No6wI90ekrW32RhrYPfKbvF4wo3QL20e+DrKmztnOewOt4gD6gVRP5Bdxeyupry9BZTQ +iWZK3BE6x5kjcNKtdZsOtogGb/EZF7kIzAxPa5aCHxU2lweGfNPp04y3PJ6F4+rV7eK I5BQ== X-Gm-Message-State: APjAAAV4s9vUcXMhxax4VXHnroZZKc1MkqqHgVuygp0T9+8xR8ih5EYu NhwEb+muBRX+h/5OoKXz0KIfJ2ce X-Google-Smtp-Source: APXvYqz9q0dQMJKOFGx21WmeQT9DnS/QLz0BGIemOYInOmV3gCU12AeFTisFFnGMQz/ThWUov2twcw== X-Received: by 2002:a05:600c:492:: with SMTP id d18mr14443558wme.59.1558046590014; Thu, 16 May 2019 15:43:10 -0700 (PDT) Received: from localhost.localdomain (ipbcc18715.dynamic.kabel-deutschland.de. [188.193.135.21]) by smtp.gmail.com with ESMTPSA id i185sm11168725wmg.32.2019.05.16.15.43.09 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 16 May 2019 15:43:09 -0700 (PDT) From: Andreas Rheinhardt To: ffmpeg-devel@ffmpeg.org Date: Fri, 17 May 2019 00:29:54 +0200 Message-Id: <20190516223018.30827-11-andreas.rheinhardt@gmail.com> X-Mailer: git-send-email 2.21.0 In-Reply-To: <20190516223018.30827-1-andreas.rheinhardt@gmail.com> References: <20190516223018.30827-1-andreas.rheinhardt@gmail.com> MIME-Version: 1.0 Subject: [FFmpeg-devel] [PATCH 10/37] avformat/matroskadec: Properly check return values X-BeenThere: ffmpeg-devel@ffmpeg.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: FFmpeg development discussions and patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: FFmpeg development discussions and patches Cc: Andreas Rheinhardt Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" Up until now, webm_dash_manifest_cues used the return values of ebml_read_num and ebml_read_length without checking for errors, i.e. return values < 0. This has been changed. Signed-off-by: Andreas Rheinhardt --- libavformat/matroskadec.c | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) diff --git a/libavformat/matroskadec.c b/libavformat/matroskadec.c index 34bc86f25f..0f7decb212 100644 --- a/libavformat/matroskadec.c +++ b/libavformat/matroskadec.c @@ -3931,12 +3931,17 @@ static int webm_dash_manifest_cues(AVFormatContext *s, int64_t init_range) cues_start = seekhead[i].pos + matroska->segment_start; if (avio_seek(matroska->ctx->pb, cues_start, SEEK_SET) == cues_start) { // cues_end is computed as cues_start + cues_length + length of the - // Cues element ID + EBML length of the Cues element. cues_end is - // inclusive and the above sum is reduced by 1. - uint64_t cues_length = 0, cues_id = 0, bytes_read = 0; - bytes_read += ebml_read_num(matroska, matroska->ctx->pb, 4, &cues_id); - bytes_read += ebml_read_length(matroska, matroska->ctx->pb, &cues_length); - cues_end = cues_start + cues_length + bytes_read - 1; + // Cues element ID (i.e. 4) + EBML length of the Cues element. + // cues_end is inclusive and the above sum is reduced by 1. + uint64_t cues_length, cues_id; + int bytes_read; + bytes_read = ebml_read_num (matroska, matroska->ctx->pb, 4, &cues_id); + if (bytes_read < 0 || cues_id != (MATROSKA_ID_CUES & 0xfffffff)) + return bytes_read < 0 ? bytes_read : AVERROR_INVALIDDATA; + bytes_read = ebml_read_length(matroska, matroska->ctx->pb, &cues_length); + if (bytes_read < 0) + return bytes_read; + cues_end = cues_start + 4 + bytes_read + cues_length - 1; } avio_seek(matroska->ctx->pb, before_pos, SEEK_SET); if (cues_start == -1 || cues_end == -1) return -1;