From patchwork Sat May 8 01:17:36 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Lance Wang X-Patchwork-Id: 27688 Delivered-To: ffmpegpatchwork2@gmail.com Received: by 2002:a6b:b214:0:0:0:0:0 with SMTP id b20csp1020920iof; Fri, 7 May 2021 18:18:09 -0700 (PDT) X-Google-Smtp-Source: ABdhPJyOFc+wrlc0Ev8eLr3O0tCLO6n3xEvuVaW3iWv1KNmOppXQ9BCxAbxAFuU/fZWniQdHl6my X-Received: by 2002:a17:906:49c1:: with SMTP id w1mr13531806ejv.178.1620436689672; Fri, 07 May 2021 18:18:09 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1620436689; cv=none; d=google.com; s=arc-20160816; b=kyYP9Wn/Z2MWc+/iyQIFpElC9TaUalGsmH5F025PSzlMFT0p70yRsux3+MlJT+hv0m RntuHM4tAptbLdd8TTfIqDarLxUIiuA/Zlh1K5Ud45ljlbpGYFuCI6VayHimwVii4qzi Yc5UVFSCfonZR5+hNKG9VP5YZMDgU/xvZu56xKdxk90ZWyGbGjn4veQhTo1t4GcIqRgI 9CslJAlnoEThlUa3gFPFJxDRCZpJ9jb8RhGOIhN5hUoL21QgzhlAV/BxHRsYBJA0bNbF i5nFDvqB6ZcmJpsRZ03jKgGxzGduCI5p2UKxgZF0vWQSdts/87PoKEDRgNywmi/4A1ja BAwA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:content-transfer-encoding:mime-version:cc:reply-to :list-subscribe:list-help:list-post:list-archive:list-unsubscribe :list-id:precedence:subject:references:in-reply-to:message-id:date :to:from:dkim-signature:delivered-to; bh=yc79da11+fOXQVuyITRK7VwPTsij9+1A4o7O5ED5q60=; b=UuUVWR8afS9uJUccHV8GtH8ZmvlTtqvhyYgcSkXIIX8C/WVsTiA+pnXJqV2Mx4VM/E xQSqGU9kOn0ZJyksAiprMJMaSpEnyhB9KUmjuTW1AYka8uZPMeL0+ZNq7kGCFRuErfI9 KctSnSUW6X4abNIQcKcj05Jo+ZsZeTfbubA4ahTDPwYYR6wCBfLnRmAiAVOSuzzNcHyI gONh0BxPlgvgYtJH6/ZfR6B5jB2Lz50WOgrphozNgBAnOKQtEmFPbAjzAV9Dn8bbesvb UVg/2AK/mVOgE4DdWPwFoHBxqboHxDu0M5WhQeNvj7HFUtvrDFWSz23+BSEI0Csg2P7T nL9g== ARC-Authentication-Results: i=1; mx.google.com; dkim=neutral (body hash did not verify) header.i=@gmail.com header.s=20161025 header.b=DV+YHdia; spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org; dmarc=fail (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org. [79.124.17.100]) by mx.google.com with ESMTP id ka23si2100943ejc.344.2021.05.07.18.18.09; Fri, 07 May 2021 18:18:09 -0700 (PDT) Received-SPF: pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) client-ip=79.124.17.100; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@gmail.com header.s=20161025 header.b=DV+YHdia; spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org; dmarc=fail (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: from [127.0.1.1] (localhost [127.0.0.1]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id 2D7F16807FB; Sat, 8 May 2021 04:17:56 +0300 (EEST) X-Original-To: ffmpeg-devel@ffmpeg.org Delivered-To: ffmpeg-devel@ffmpeg.org Received: from mail-pl1-f170.google.com (mail-pl1-f170.google.com [209.85.214.170]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id 4BD75680295 for ; Sat, 8 May 2021 04:17:49 +0300 (EEST) Received: by mail-pl1-f170.google.com with SMTP id 69so1513305plc.5 for ; Fri, 07 May 2021 18:17:49 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=7gJCnJq5dKHKR0sv9Fgn2me7ZtEwE2u2D+gBcrdzVMY=; b=DV+YHdiaUilyRa1YdpKCKObLQLhlZw+9Zpijm9vBOLu034Prn+smnAV+zv19/eVKal NVMWqD6R2UuyHzDggiDxRdpTWAbW129xlPDHzH2Q0d3+EkiUhLOB+W88HWWi/PBYijCG 8gZcX+mQL1YZnT/YAGgMNDn0gbNrfI7W7JqHSMjvZuqHO3NAKHmOI0R7+aExc3unnS/3 x6weaTxILjr3WpWakStV3xaOVNQexoEKspTi5oXhYy4EMNLozMbekKXnLxe37buITf0R 6OWpdpF5pSh6IoNEAY4RCBU433a4n3Ka7han5diW2slAqHMBCU1g/7dEpoLMO89ZruP1 LDZg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=7gJCnJq5dKHKR0sv9Fgn2me7ZtEwE2u2D+gBcrdzVMY=; b=EnPiZczbykLCZRNGMl3GuMFcdh4gjG9qScXzyYcXSmRJFG+uesDkBjkC1DCk37FLeK SfQiSDYCk1KTf+BZj4Rvnm9KjMR6KZZtglLidZbrsFZcFAhS8yXO0LdWivYeGQjSimJD grkWJh+2Atat4w7bN3Gi1mpoqnRDdVXXO0n1q2swZ4jTeZxt2AgPwY3CnkUGsR+0lhJD gFIXd4xWxxnSOtpYziWeo6H4WbFjJxdVhU+myvqHmL9oERk2h3ckOPCdM1Yf+QJnvMPq 7LnYPmbXLhejO/rWa+b/vDTtDBZo5vRBRnddXNlJda87HlhpzT0pD64JshoqGfMVxH1x tarQ== X-Gm-Message-State: AOAM532eJUQDxfIeofsGNF7r7vLOi3+reKivx0QT+CKYDIPOmAa1vsbL etQXyvFCurboEXnQntD9RKRsgK+4vio= X-Received: by 2002:a17:90a:1782:: with SMTP id q2mr13352309pja.73.1620436667248; Fri, 07 May 2021 18:17:47 -0700 (PDT) Received: from vpn2.localdomain ([161.117.202.209]) by smtp.gmail.com with ESMTPSA id s184sm5776261pgc.29.2021.05.07.18.17.46 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Fri, 07 May 2021 18:17:46 -0700 (PDT) From: lance.lmwang@gmail.com To: ffmpeg-devel@ffmpeg.org Date: Sat, 8 May 2021 09:17:36 +0800 Message-Id: <1620436656-18917-2-git-send-email-lance.lmwang@gmail.com> X-Mailer: git-send-email 1.8.3.1 In-Reply-To: <1620436656-18917-1-git-send-email-lance.lmwang@gmail.com> References: <1620350584-21215-1-git-send-email-lance.lmwang@gmail.com> <1620436656-18917-1-git-send-email-lance.lmwang@gmail.com> Subject: [FFmpeg-devel] [PATCH v3 2/2] avformat: add data_size for ff_hex_to_data() X-BeenThere: ffmpeg-devel@ffmpeg.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: FFmpeg development discussions and patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: FFmpeg development discussions and patches Cc: Limin Wang MIME-Version: 1.0 Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" X-TUID: Y0gaE6/BZ4tQ From: Limin Wang This prevents OOM in case of data buffer size is insufficient. Signed-off-by: Limin Wang --- libavformat/hls.c | 4 +++- libavformat/internal.h | 6 ++++-- libavformat/rtpdec_latm.c | 6 ++++-- libavformat/rtpdec_mpeg4.c | 6 ++++-- libavformat/utils.c | 7 +++++-- 5 files changed, 20 insertions(+), 9 deletions(-) diff --git a/libavformat/hls.c b/libavformat/hls.c index 8fc6924..d7d0387 100644 --- a/libavformat/hls.c +++ b/libavformat/hls.c @@ -800,7 +800,9 @@ static int parse_playlist(HLSContext *c, const char *url, if (!strcmp(info.method, "SAMPLE-AES")) key_type = KEY_SAMPLE_AES; if (!av_strncasecmp(info.iv, "0x", 2)) { - ff_hex_to_data(iv, info.iv + 2); + ret = ff_hex_to_data(iv, sizeof(iv), info.iv + 2); + if (ret < 0) + goto fail; has_iv = 1; } av_strlcpy(key, info.uri, sizeof(key)); diff --git a/libavformat/internal.h b/libavformat/internal.h index d57e63c..3192aca 100644 --- a/libavformat/internal.h +++ b/libavformat/internal.h @@ -423,10 +423,12 @@ char *ff_data_to_hex(char *buf, const uint8_t *src, int size, int lowercase); * digits is ignored. * * @param data if non-null, the parsed data is written to this pointer + * @param data_size the data buffer size * @param p the string to parse - * @return the number of bytes written (or to be written, if data is null) + * @return the number of bytes written (or to be written, if data is null), + * or < 0 in case data_size is insufficient if data isn't null. */ -int ff_hex_to_data(uint8_t *data, const char *p); +int ff_hex_to_data(uint8_t *data, int data_size, const char *p); /** * Add packet to an AVFormatContext's packet_buffer list, determining its diff --git a/libavformat/rtpdec_latm.c b/libavformat/rtpdec_latm.c index 104a00a..cf1d581 100644 --- a/libavformat/rtpdec_latm.c +++ b/libavformat/rtpdec_latm.c @@ -91,7 +91,7 @@ static int latm_parse_packet(AVFormatContext *ctx, PayloadContext *data, static int parse_fmtp_config(AVStream *st, const char *value) { - int len = ff_hex_to_data(NULL, value), i, ret = 0; + int len = ff_hex_to_data(NULL, 0, value), i, ret = 0; GetBitContext gb; uint8_t *config; int audio_mux_version, same_time_framing, num_programs, num_layers; @@ -100,7 +100,9 @@ static int parse_fmtp_config(AVStream *st, const char *value) config = av_mallocz(len + AV_INPUT_BUFFER_PADDING_SIZE); if (!config) return AVERROR(ENOMEM); - ff_hex_to_data(config, value); + ret = ff_hex_to_data(config, len, value); + if (ret < 0) + return ret; init_get_bits(&gb, config, len*8); audio_mux_version = get_bits(&gb, 1); same_time_framing = get_bits(&gb, 1); diff --git a/libavformat/rtpdec_mpeg4.c b/libavformat/rtpdec_mpeg4.c index 34c7950..27751df 100644 --- a/libavformat/rtpdec_mpeg4.c +++ b/libavformat/rtpdec_mpeg4.c @@ -112,11 +112,13 @@ static void close_context(PayloadContext *data) static int parse_fmtp_config(AVCodecParameters *par, const char *value) { /* decode the hexa encoded parameter */ - int len = ff_hex_to_data(NULL, value), ret; + int len = ff_hex_to_data(NULL, 0, value), ret; if ((ret = ff_alloc_extradata(par, len)) < 0) return ret; - ff_hex_to_data(par->extradata, value); + ret = ff_hex_to_data(par->extradata, par->extradata_size, value); + if (ret < 0) + return ret; return 0; } diff --git a/libavformat/utils.c b/libavformat/utils.c index 9228313..dfe9f4c 100644 --- a/libavformat/utils.c +++ b/libavformat/utils.c @@ -4768,7 +4768,7 @@ char *ff_data_to_hex(char *buff, const uint8_t *src, int s, int lowercase) return buff; } -int ff_hex_to_data(uint8_t *data, const char *p) +int ff_hex_to_data(uint8_t *data, int data_size, const char *p) { int c, len, v; @@ -4787,8 +4787,11 @@ int ff_hex_to_data(uint8_t *data, const char *p) break; v = (v << 4) | c; if (v & 0x100) { - if (data) + if (data) { + if (len >= data_size) + return AVERROR(ERANGE); data[len] = v; + } len++; v = 1; }