From patchwork Tue May 16 16:05:49 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Rob Meyers X-Patchwork-Id: 3679 Delivered-To: ffmpegpatchwork@gmail.com Received: by 10.103.10.2 with SMTP id 2csp538540vsk; Tue, 16 May 2017 09:14:05 -0700 (PDT) X-Received: by 10.28.99.9 with SMTP id x9mr7318152wmb.102.1494951245194; Tue, 16 May 2017 09:14:05 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1494951245; cv=none; d=google.com; s=arc-20160816; b=PaLWGl3FiavB+hc3XiH6umvgnajJF9HBJYBdfzHkbLW+qKOiIzMdefLgVBx6d8ZCnL kIF679NwbFzVoH0dPXD8bfsogtKBjrINJQnq5lCX2ru1T5Mff3mSE5kM+gqcbDzVuCZP qh1OM5NxEAvStSt+bBNt38qSh0O2Ped13ODUtzXRsd0RO0XyQ7wB/xNap6fh1xCxXzZd trdr4TRb2t6tGSZIG3Xk0LdQ/jpWzoeYIUH35Kdgn557sJgvUJXwwukR58Kq9FJUt2XC uvmNW4gz6Z+4EW/EDkWNtrU9eVyhXhntg3K8HOjQGEGyXe5E/gaqg3cfIIjkqVJgRPAw sdqA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:content-transfer-encoding:mime-version:cc:reply-to :list-subscribe:list-help:list-post:list-archive:list-unsubscribe :list-id:precedence:subject:message-id:date:to:from:dkim-signature :delivered-to:arc-authentication-results; bh=zwXui+hCo2ghNFCqWBxn/VoVewaeY2aUhtcPZwar5hc=; b=G0Qgu9AGD+x5/v7gN0/T/W8AC7jIPUozs6fVU1w2BQmOagrerUzyrBPykhVLzY2V4M s32rNnx+wACf9OyMSp9ggo1d4Fcs0n8KRRwttX0aFxTKkshJPO8D9zVzm3IBx9ZfKLUD DfoCoMwpATKxq3hiH5/UJ3fm8WsYC/I9CnB4TWR2KvlX4YB+kTIAExHLizQWvSSzW0mz munLwtqZs2J2kGlKo5Y2L2FYfT9gZy41ngUEtsTL5VWuv+447x3OAWWasTIUZaGWL0EL AQSL2mqPiHMvDt4UUFoFikDRF8qiBF+0M7cx1ZR2v2lTqWHDRcK0zY9NZH8RWaQqJE+L Hgig== ARC-Authentication-Results: i=1; mx.google.com; dkim=neutral (body hash did not verify) header.i=@google.com; spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org Return-Path: Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org. [79.124.17.100]) by mx.google.com with ESMTP id u201si5893088wmu.6.2017.05.16.09.14.04; Tue, 16 May 2017 09:14:05 -0700 (PDT) Received-SPF: pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) client-ip=79.124.17.100; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@google.com; spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org Received: from [127.0.1.1] (localhost [127.0.0.1]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id 06DFF68991D; Tue, 16 May 2017 19:14:02 +0300 (EEST) X-Original-To: ffmpeg-devel@ffmpeg.org Delivered-To: ffmpeg-devel@ffmpeg.org Received: from mail-pf0-f180.google.com (mail-pf0-f180.google.com [209.85.192.180]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id ACBBA68973A for ; Tue, 16 May 2017 19:13:54 +0300 (EEST) Received: by mail-pf0-f180.google.com with SMTP id m17so82753879pfg.3 for ; Tue, 16 May 2017 09:13:55 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=from:to:cc:subject:date:message-id; bh=PQkEHzs9Q/cn8Q66+gK64wV6MEAKXfQH9Ul3w3Z/FW4=; b=m1iY2PoabzP2G1TGhaMsn7pFKWCKpyHU1Iy1xH+o8ZTxDJpwdA9SwKyemXOaOH/Br5 RaApo6/SCjeeZ/j2fYwNCwBAdewxpjLjsUtHJiVuANWF2jU6+J0gvKASZuNAIz9WhHvi ymYwFbwW70QOHn6ZlACR27tSUDK3nu7P47A2Y5z/4YovMkFESeuvKYDGnvq8YIleq/Va eptCil+JD1rl2KDWF6JQKCdjmCi+FsuPkOvSSUNud3S0ehDQAc2a6tPDtJgwr4TvxQFH 2ECSfBLp+Rfves0YAKAzLlc4UiH/GKULUaMQKKsLsxSLYYnv3xgYlDN0O4uiapcrPyYS NHwA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id; bh=PQkEHzs9Q/cn8Q66+gK64wV6MEAKXfQH9Ul3w3Z/FW4=; b=S+dsU8l2xHq5MhYuG7OIlHImEfu35qgx7+8Zz+bgvNUXuDWEr2MbYW+k7cPZGnvEfL 1OXivHXcgzTw7ckCpxgGoq8na5PARTNyKEBSWsJ7CYMXwD7BWur9f/quldba9ALbVcUx 0Bjb6srjuT/yFN3HmpqewSLOJgb+ZJ1VQnosJEDqAFKH4v787jFV0FOqkTlQQN05xMRu p4yY1Ma7UrVNBp6SyOB08eY0bw9EZgBctRbid4MwplP47bM84aDxZl5GTGhSkQRkRafk 4wdf6EPi/TyAz8Rj+B7iE9EovrUVuYUi4iQo1VwIe64/WjcYNUqnYKjF1CjgQQstVXHn KsuQ== X-Gm-Message-State: AODbwcCPu8qB6BRjPkI/z6QFoI2FHsG+/lLAPep8xtOYP6UDXUYhq0YU XpkSh5HUvTl6MDKN X-Received: by 10.98.216.198 with SMTP id e189mr13102825pfg.61.1494950752079; Tue, 16 May 2017 09:05:52 -0700 (PDT) Received: from robertmeyers0.mtv.corp.google.com ([100.98.24.67]) by smtp.gmail.com with ESMTPSA id w67sm12603751pfi.2.2017.05.16.09.05.51 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Tue, 16 May 2017 09:05:51 -0700 (PDT) From: Rob Meyers To: ffmpeg-devel@ffmpeg.org Date: Tue, 16 May 2017 09:05:49 -0700 Message-Id: <20170516160549.53653-1-robertmeyers@google.com> X-Mailer: git-send-email 2.13.0.303.g4ebf302169-goog Subject: [FFmpeg-devel] [PATCH] libavformat: data loss in message accumulation in fill_buffer() X-BeenThere: ffmpeg-devel@ffmpeg.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: FFmpeg development discussions and patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: FFmpeg development discussions and patches Cc: Rob Meyers MIME-Version: 1.0 Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" We noticed when reading data from a named pipe the first 10 bytes would get dropped. I traced this to the affected code in fill_buffer(). The assignment of "dst" was always set to the beginning of the buffer, and if it hadn't been consumed yet the data would be overwritten. We could reproduce this by setting up a server that writes to the named pipe in two small (6 byte) messages with a 1 second gap between. Without the gap, or if the data is sent as one message, there's no problem. It's in the accumulation of data between messages to fulfill a read that this bug is triggered. --- libavformat/aviobuf.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/libavformat/aviobuf.c b/libavformat/aviobuf.c index 0a7c39eacd..4e04cb79e0 100644 --- a/libavformat/aviobuf.c +++ b/libavformat/aviobuf.c @@ -519,9 +519,7 @@ void avio_write_marker(AVIOContext *s, int64_t time, enum AVIODataMarkerType typ static void fill_buffer(AVIOContext *s) { - int max_buffer_size = s->max_packet_size ? - s->max_packet_size : IO_BUFFER_SIZE; - uint8_t *dst = s->buf_end - s->buffer + max_buffer_size < s->buffer_size ? + uint8_t *dst = !s->max_packet_size && s->buf_end - s->buffer < s->buffer_size ? s->buf_end : s->buffer; int len = s->buffer_size - (dst - s->buffer);