From patchwork Mon Apr 15 08:30:42 2019
X-Patchwork-Submitter: Tomas Härdin
X-Patchwork-Id: 12749
Message-ID: <1555317042.30431.3.camel@acc.umu.se>
From: Tomas Härdin
To: ffmpeg-devel
Date: Mon, 15 Apr 2019 10:30:42 +0200
Subject: [FFmpeg-devel] [PATCH] mxfdec: Constrain run-in to 64k

This isn't likely to be a huge problem, but it allows us to reason more about run-in. It also exposes my gripe about klv_read_packet() using mxf_read_sync()

/Tomas

From c2d66c4aa3105e33f8485234ca760da699cdfb4d Mon Sep 17 00:00:00 2001
From: Tomas Härdin
Date: Sun, 14 Apr 2019 21:18:35 +0200
Subject: [PATCH] mxfdec: Constrain run-in to 64k

S377m says we should. Fix use of magic 14s while we're at it.
---
 libavformat/mxfdec.c | 17 ++++++++++++-----
 1 file changed, 12 insertions(+), 5 deletions(-)

diff --git a/libavformat/mxfdec.c b/libavformat/mxfdec.c index 8c65a2bbcf..6af760c5c4 100644 --- a/libavformat/mxfdec.c +++ b/libavformat/mxfdec.c @@ -282,6 +282,7 @@ typedef struct MXFContext { int local_tags_count; uint64_t footer_partition; KLVPacket current_klv_data; +#define MXF_MAX_RUN_IN 65535 /* S377m section 5.5 */ int run_in; MXFPartition *current_partition; int parsing_backward; 
@@ -383,10 +384,10 @@ static int64_t klv_decode_ber_length(AVIOContext *pb) return size; } -static int mxf_read_sync(AVIOContext *pb, const uint8_t *key, unsigned size) +static int mxf_read_sync(AVIOContext *pb, const uint8_t *key, unsigned size, int64_t max_read) { int i, b; - for (i = 0; i < size && !avio_feof(pb); i++) { + for (i = 0; i < size && !avio_feof(pb) && max_read > 0; i++, max_read--) { b = avio_r8(pb); if (b == key[0]) i = 0; @@ -399,7 +400,7 @@ static int mxf_read_sync(AVIOContext *pb, const uint8_t *key, unsigned size) static int klv_read_packet(KLVPacket *klv, AVIOContext *pb) { int64_t length, pos; - if (!mxf_read_sync(pb, mxf_klv_key, 4)) + if (!mxf_read_sync(pb, mxf_klv_key, 4, INT64_MAX)) return AVERROR_INVALIDDATA; klv->offset = avio_tell(pb) - 4; memcpy(klv->key, mxf_klv_key, 4); @@ -3149,11 +3150,13 @@ static int mxf_read_header(AVFormatContext *s) mxf->last_forward_tell = INT64_MAX; - if (!mxf_read_sync(s->pb, mxf_header_partition_pack_key, 14)) { + if (!mxf_read_sync(s->pb, mxf_header_partition_pack_key, + sizeof(mxf_header_partition_pack_key), + MXF_MAX_RUN_IN + sizeof(mxf_header_partition_pack_key))) { av_log(s, AV_LOG_ERROR, "could not find header partition pack key\n"); return AVERROR_INVALIDDATA; } - avio_seek(s->pb, -14, SEEK_CUR); + avio_seek(s->pb, -sizeof(mxf_header_partition_pack_key), SEEK_CUR); mxf->fc = s; mxf->run_in = avio_tell(s->pb); @@ -3591,6 +3594,10 @@ static int mxf_probe(const AVProbeData *p) { /* Must skip Run-In Sequence and search for MXF header partition pack key SMPTE 377M 5.5 */ end -= sizeof(mxf_header_partition_pack_key); + if (end - bufp > MXF_MAX_RUN_IN) { + end = bufp + MXF_MAX_RUN_IN; + } + for (; bufp < end;) { if (!((bufp[13] - 1) & 0xF2)){ if (AV_RN32(bufp ) == AV_RN32(mxf_header_partition_pack_key ) && -- 2.11.0
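Review bot: In the MXFContext hunk (@@ -282), `#define MXF_MAX_RUN_IN 65535` is placed between struct members, where it reads as if it were scoped to the struct even though a macro is visible to the rest of the file. Move it above the `typedef struct MXFContext` so the limit is easy to find from mxf_read_header() and mxf_probe(), and consider saying in the comment that the value is the maximum run-in length in bytes, since the subject line says "64k" while the constant is 65535.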
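Review bot: The new `max_read` parameter of mxf_read_sync() (@@ -383) is undocumented, and its meaning is not obvious from the signature: the loop decrements it once per byte consumed, key bytes included, which is why the header caller has to pass `MXF_MAX_RUN_IN + sizeof(mxf_header_partition_pack_key)`. A one-line comment above the function stating that `max_read` bounds the total number of bytes read, including the key itself, would keep future callers from passing the run-in limit alone and falling short by the key length.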
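Review bot: In klv_read_packet() (@@ -399), passing `INT64_MAX` as `max_read` leaves this scan effectively unbounded, so a file with no further `mxf_klv_key` still makes the demuxer read to EOF one byte at a time. If bounding it is out of scope for this patch, a short comment at the call site saying the limit is intentionally absent would make that explicit; otherwise this is the place to decide what a sane resync distance is.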
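Review bot: In mxf_read_header() (@@ -3149), `avio_seek(s->pb, -sizeof(mxf_header_partition_pack_key), SEEK_CUR)` negates a `size_t`, which is unsigned, so the result is a large positive value rather than -14. avio_seek() takes an `int64_t` offset: where `size_t` is 64 bits the conversion happens to wrap back to -14, but where `size_t` is 32 bits the offset becomes a positive value just under 4 GiB and the seek goes forward instead of back. Cast before negating, for example `-(int64_t)sizeof(mxf_header_partition_pack_key)`, or keep a signed constant for the key length.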
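Review bot: In mxf_probe() (@@ -3591), clamping with `end = bufp + MXF_MAX_RUN_IN` while the loop condition is `bufp < end` means the last offset tested is 65534, so a file whose run-in is exactly MXF_MAX_RUN_IN bytes (key starting at offset 65535) is never matched by the probe. mxf_read_header() allows `MXF_MAX_RUN_IN + sizeof(mxf_header_partition_pack_key)` bytes to be consumed, which does accept a key at that offset, so the two paths disagree by one byte. Make the bounds consistent, for example by clamping to `bufp + MXF_MAX_RUN_IN + 1` here, and drop the braces around the single statement if the file's style omits them.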