From patchwork Sat May 14 20:55:16 2022
X-Patchwork-Submitter: Aman Karmani
X-Patchwork-Id: 35770
From: softworkz
Message-Id: <025123f72d9bbb2bbea7b063c7255cf6c77746a3.1652561722.git.ffmpegagent@gmail.com>
Date: Sat, 14 May 2022 20:55:16 +0000
To: ffmpeg-devel@ffmpeg.org
Subject: [FFmpeg-devel] [PATCH v4 04/10] libavformat/asfdec: fixing get_tag
Cc: Michael Niedermayer , softworkz

From: softworkz

These three are closely related and can't be separated easily:

In get_tag, the code was adding 22 bytes (in order to allow it to hold 64bit numbers as string) to the value len for creating a buffer. This was unnecessarily imposing a size-constraint on the value_len parameter.

The code in get_tag was limiting the maximum value_len to half the size of INT32. This was applied for all value types, even though it is required only in case of ASF_UNICODE, not for any other ones (like ASCII).

get_tag was always allocating a buffer regardless of the datatype, even though this isn't required in case of ASF_BYTE_ARRAY.

The check for the return value from ff_asf_handle_byte_array() being >0 is removed here because the log message is emitted by the function itself now.

Signed-off-by: softworkz
---
 libavformat/asfdec_f.c | 54 +++++++++++++++++++++++++++++++-----------
 1 file changed, 40 insertions(+), 14 deletions(-)

diff --git a/libavformat/asfdec_f.c b/libavformat/asfdec_f.c index eda7175c96..cb7da2d679 100644 --- a/libavformat/asfdec_f.c +++ b/libavformat/asfdec_f.c 
@@ -222,37 +222,63 @@ static uint64_t get_value(AVIOContext *pb, int type, int type2_size) static void get_tag(AVFormatContext *s, const char *key, int type, uint32_t len, int type2_size) { ASFContext *asf = s->priv_data; - char *value = NULL; int64_t off = avio_tell(s->pb); -#define LEN 22 - - av_assert0((unsigned)len < (INT_MAX - LEN) / 2); + char *value = NULL; + uint64_t required_bufferlen; + int buffer_len; if (!asf->export_xmp && !strncmp(key, "xmp", 3)) goto finish; - value = av_malloc(2 * len + LEN); + switch (type) { + case ASF_UNICODE: + required_bufferlen = (uint64_t)len * 2 + 1; + break; + case -1: // ASCII + required_bufferlen = (uint64_t)len + 1; + break; + case ASF_BYTE_ARRAY: + ff_asf_handle_byte_array(s, key, len); + goto finish; + case ASF_BOOL: + case ASF_DWORD: + case ASF_QWORD: + case ASF_WORD: + required_bufferlen = 22; + break; + case ASF_GUID: + required_bufferlen = 33; + break; + default: + required_bufferlen = len; + break; + } + + if (required_bufferlen > INT32_MAX) { + av_log(s, AV_LOG_VERBOSE, "Unable to handle values > INT32_MAX in tag %s.\n", key); + goto finish; + } + + buffer_len = (int)required_bufferlen; + + value = av_malloc(buffer_len); if (!value) goto finish; switch (type) { case ASF_UNICODE: - avio_get_str16le(s->pb, len, value, 2 * len + 1); + avio_get_str16le(s->pb, len, value, buffer_len); break; - case -1: // ASCI - avio_read(s->pb, value, len); - value[len]=0; + case -1: // ASCII + avio_read(s->pb, value, buffer_len - 1); + value[buffer_len - 1] = 0; break; - case ASF_BYTE_ARRAY: - if (ff_asf_handle_byte_array(s, key, len) > 0) - av_log(s, AV_LOG_VERBOSE, "Unsupported byte array in tag %s.\n", key); - goto finish; case ASF_BOOL: case ASF_DWORD: case ASF_QWORD: case ASF_WORD: { uint64_t num = get_value(s->pb, type, type2_size); - snprintf(value, LEN, "%"PRIu64, num); + snprintf(value, buffer_len, "%"PRIu64, num); break; } case ASF_GUID:
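
Review bot: In the `case -1: // ASCII` branch of the second switch, the return value of `avio_read(s->pb, value, buffer_len - 1)` is ignored while `value` comes from `av_malloc()`, which does not zero memory. On a truncated input a short read leaves the tail of the buffer uninitialized, and `value[buffer_len - 1] = 0` then terminates the string after those bytes rather than after the data that was actually read. Since these lines are being rewritten anyway, consider storing the return value, going to `finish` when it is negative, and writing the terminator at the number of bytes read. A smaller point in the first switch: with `#define LEN 22` removed, `required_bufferlen = 22` and `required_bufferlen = 33` are bare numbers. A named constant or a short comment would tie the 22 to the `snprintf(value, buffer_len, "%"PRIu64, num)` call it sizes, and the 33 for `ASF_GUID` cannot be checked against its use from the lines shown here.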