From patchwork Sun Oct 29 12:39:06 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Michael Niedermayer X-Patchwork-Id: 5741 Delivered-To: ffmpegpatchwork@gmail.com Received: by 10.2.161.90 with SMTP id m26csp1539967jah; Sun, 29 Oct 2017 05:39:50 -0700 (PDT) X-Google-Smtp-Source: ABhQp+TP2KWBBzT7icPAi/ssexssRnam3GOYyRylKlRe63GB6mW3EN+WTjz3W+7pvTDLvy9akRLE X-Received: by 10.223.147.68 with SMTP id 62mr4623348wro.261.1509280790591; Sun, 29 Oct 2017 05:39:50 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1509280790; cv=none; d=google.com; s=arc-20160816; b=wm9U9h2oBKalbom+8WL8Ejm+xnnyVSz1TXqXlEwdh2NAVyrKvk3h9VAIhR/V5+qiIL C8C6pAcuqDZDSq0FcoqxoUYLSvX5HMpNKQL7cfixWuDS0tb2HVAt2o+K1sFLHCd3zUKm j7Yj8vkATrBNJNxf30cYsakY3VWbCobdYawwPLxisnVO84scMye72dr4UphJyrcH33lo bYYD7o8Z3VWD7E55+sN/Y0x58jAxrz1UXs7cqR2VSSEDsDC0zqwfB8XuwJ1nb+WljkUd f4yEvnfunnpZ+K9hh7aoZODAblUJibXVzQIwK1dGgox9LGnVYlr2OwOOlbvl96pwv4Ex C4Iw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:cc:reply-to:list-subscribe:list-help:list-post :list-archive:list-unsubscribe:list-id:precedence:subject:user-agent :in-reply-to:mime-version:references:message-id:to:from:date :delivered-to:arc-authentication-results; bh=KQIfAAtnm4ROcSyDWlcpDTRI+pE6fMYAripnToh6jRI=; b=RSbnErtjJ6TZtz6o/nnQzJBUzFlsTImTAcXW3UFYH1iPRNmYIKUj+OQcHV22fQLqSO 0QAdkCi6R62X7kDjlIdsvfA4859sx9OKVKxbG1vWTxvS6QMsHP9uNaLmptu1tuj6k18U 0YASeq7y5SMoRv9kG4gN7ahqDDd7WUs0C3uiHixSr98q3W2MVdyJMTN3iXH/GpvukGW2 NNFRg0MnxK4UUvgS2q5s/wbVbbPA7C7ENu2c7mTTYHHXmT7ezCXV5HsvBBhLD2Zqiafa Ce9t6VE9KdeZL6Q2XE3X8+hblUo7nWnp6lwYeQg22qktBmoZEb9SGUMX072DQwQnmmnB qcxw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org Return-Path: Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org. [79.124.17.100]) by mx.google.com with ESMTP id l23si6803669wrc.455.2017.10.29.05.39.49; Sun, 29 Oct 2017 05:39:50 -0700 (PDT) Received-SPF: pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) client-ip=79.124.17.100; Authentication-Results: mx.google.com; spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org Received: from [127.0.1.1] (localhost [127.0.0.1]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id 30F11689D7C; Sun, 29 Oct 2017 14:39:39 +0200 (EET) X-Original-To: ffmpeg-devel@ffmpeg.org Delivered-To: ffmpeg-devel@ffmpeg.org Received: from relay4-d.mail.gandi.net (relay4-d.mail.gandi.net [217.70.183.196]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id 84C39689C70 for ; Sun, 29 Oct 2017 14:39:32 +0200 (EET) X-Originating-IP: 213.47.41.20 Received: from localhost (213-47-41-20.cable.dynamic.surfer.at [213.47.41.20]) (Authenticated sender: michael@niedermayer.cc) by relay4-d.mail.gandi.net (Postfix) with ESMTPSA id 07C0C172098; Sun, 29 Oct 2017 13:39:40 +0100 (CET) Date: Sun, 29 Oct 2017 13:39:06 +0100 From: Michael Niedermayer To: FFmpeg development discussions and patches Message-ID: <20171029123906.GO6009@nb4> References: <20171020232635.GN6009@nb4> <20171023231828.22216-1-isasi@google.com> <20171024214835.GL6009@nb4> <20171028182616.GL6009@nb4> MIME-Version: 1.0 In-Reply-To: <20171028182616.GL6009@nb4> User-Agent: Mutt/1.5.21 (2010-09-15) Subject: Re: [FFmpeg-devel] [PATCH] lavf/mov.c: Fix parsing of edit list atoms with invalid elst entry count. X-BeenThere: ffmpeg-devel@ffmpeg.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: FFmpeg development discussions and patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: FFmpeg development discussions and patches Cc: isasi@google.com Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" On Sat, Oct 28, 2017 at 08:26:16PM +0200, Michael Niedermayer wrote: > On Thu, Oct 26, 2017 at 08:51:50PM -0700, Sasi Inguva wrote: > > On Tue, Oct 24, 2017 at 2:48 PM, Michael Niedermayer > > wrote: > > > > > On Mon, Oct 23, 2017 at 04:18:28PM -0700, Sasi Inguva wrote: > > > > Signed-off-by: Sasi Inguva > > > > --- > > > > libavformat/mov.c | 15 +++++++- > > > > tests/fate/mov.mak | 4 ++ > > > > tests/ref/fate/mov-invalid-elst-entry-count | 57 > > > +++++++++++++++++++++++++++++ > > > > 3 files changed, 75 insertions(+), 1 deletion(-) > > > > create mode 100644 tests/ref/fate/mov-invalid-elst-entry-count > > > > > > > > diff --git a/libavformat/mov.c b/libavformat/mov.c > > > > index b22a116140..424293ad93 100644 > > > > --- a/libavformat/mov.c > > > > +++ b/libavformat/mov.c > > > > @@ -4597,6 +4597,7 @@ static int mov_read_elst(MOVContext *c, > > > AVIOContext *pb, MOVAtom atom) > > > > { > > > > MOVStreamContext *sc; > > > > int i, edit_count, version; > > > > + int64_t elst_entry_size; > > > > > > > > if (c->fc->nb_streams < 1 || c->ignore_editlist) > > > > return 0; > > > > @@ -4605,6 +4606,15 @@ static int mov_read_elst(MOVContext *c, > > > AVIOContext *pb, MOVAtom atom) > > > > version = avio_r8(pb); /* version */ > > > > avio_rb24(pb); /* flags */ > > > > edit_count = avio_rb32(pb); /* entries */ > > > > + atom.size -= 8; > > > > + > > > > + elst_entry_size = version == 1 ? 20 : 12; > > > > + if (atom.size != edit_count * elst_entry_size && > > > > + c->fc->strict_std_compliance >= FF_COMPLIANCE_STRICT) { > > > > + av_log(c->fc, AV_LOG_ERROR, "Invalid edit list entry_count: %d > > > for elst atom of size: %"PRId64" bytes.\n", > > > > + edit_count, atom.size + 8); > > > > + return AVERROR_INVALIDDATA; > > > > + } > > > > > > > > if (!edit_count) > > > > return 0; > > > > @@ -4617,17 +4627,20 @@ static int mov_read_elst(MOVContext *c, > > > AVIOContext *pb, MOVAtom atom) > > > > return AVERROR(ENOMEM); > > > > > > > > av_log(c->fc, AV_LOG_TRACE, "track[%u].edit_count = %i\n", > > > c->fc->nb_streams - 1, edit_count); > > > > - for (i = 0; i < edit_count && !pb->eof_reached; i++) { > > > > + for (i = 0; i < edit_count && atom.size > 0 && !pb->eof_reached; > > > i++) { > > > > MOVElst *e = &sc->elst_data[i]; > > > > > > > > if (version == 1) { > > > > e->duration = avio_rb64(pb); > > > > e->time = avio_rb64(pb); > > > > + atom.size -= 16; > > > > } else { > > > > e->duration = avio_rb32(pb); /* segment duration */ > > > > e->time = (int32_t)avio_rb32(pb); /* media time */ > > > > + atom.size -= 8; > > > > } > > > > e->rate = avio_rb32(pb) / 65536.0; > > > > + atom.size -= 4; > > > > av_log(c->fc, AV_LOG_TRACE, "duration=%"PRId64" time=%"PRId64" > > > rate=%f\n", > > > > e->duration, e->time, e->rate); > > > > > > it would be simpler to adjust edit_count in case of ineqality. > > > you already compute the elst_entry_size > > > this would also avoid allocating a larger than needed array > > > > > > Done. Attaching the corrected patch. > > > > > > > > [...] > > > > > > -- > > > Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB > > > > > > Many things microsoft did are stupid, but not doing something just because > > > microsoft did it is even more stupid. If everything ms did were stupid they > > > would be bankrupt already. > > > > > > _______________________________________________ > > > ffmpeg-devel mailing list > > > ffmpeg-devel@ffmpeg.org > > > http://ffmpeg.org/mailman/listinfo/ffmpeg-devel > > > > > > > > > libavformat/mov.c | 21 +++++++++- > > tests/fate/mov.mak | 4 + > > tests/ref/fate/mov-invalid-elst-entry-count | 57 ++++++++++++++++++++++++++++ > > 3 files changed, 81 insertions(+), 1 deletion(-) > > c553340f66797876d039f408f83574a40c54d17b 0001-lavf-mov.c-Fix-parsing-of-edit-list-atoms-with-inval.patch > > From 188602e662868a79c7f85e9193e9aedc9ba1a170 Mon Sep 17 00:00:00 2001 > > From: Sasi Inguva > > Date: Wed, 18 Oct 2017 20:11:16 -0700 > > Subject: [PATCH] lavf/mov.c: Fix parsing of edit list atoms with invalid elst > > entry count. > > applied It seems this fails on ARM qemu TEST mov-invalid-elst-entry-count Test mov-invalid-elst-entry-count failed. Look at tests/data/fate/mov-invalid-elst-entry-count.err for details. make: *** [fate-mov-invalid-elst-entry-count] Error 1 [...] --- tests/ref/fate/mov-invalid-elst-entry-count 2017-10-29 13:26:29.180224127 +0100 +++ tests/data/fate/mov-invalid-elst-entry-count 2017-10-29 13:38:18.536239072 +0100 @@ -8,50 +8,50 @@ #sar 0: 1/1 #stream#, dts, pts, duration, size, hash 0, 0, 0, 1, 460800, 549730883a0b56e6accaf021903daecf -0, 1, 1, 1, 460800, 783389b4342d4be925fc5244791e760a -0, 2, 2, 1, 460800, 8384af6426d94a2077930c93013e09ad -0, 3, 3, 1, 460800, 9380a1d9ecacf5b3105383c1c8083188 -0, 4, 4, 1, 460800, eb28174acfceb868b9058757bed049c5 -0, 5, 5, 1, 460800, 9732bd4a58884dbf2be48d819433130f -0, 6, 6, 1, 460800, 0c553fb530cf042eb84f5b13817a96a6 -0, 7, 7, 1, 460800, 621f02aded5e35fa1f373afd3ed283bd -0, 8, 8, 1, 460800, c76167c6bda91f657708c88252ea315d -0, 9, 9, 1, 460800, 872df2d8c522e2440ddd04bca7dce497 -0, 10, 10, 1, 460800, 6ee9154e48c5132ad4ba122b255bd2bb -0, 11, 11, 1, 460800, 362e61629795702ebe9183ce3786d7f2 -0, 12, 12, 1, 460800, f3ec59e6fc4e3c2e75f42bef34ca73b5 -0, 13, 13, 1, 460800, 68d9caea8697736dd716cba43b614919 -0, 14, 14, 1, 460800, 4a4efb0201a64236db4330725758c139 -0, 15, 15, 1, 460800, f32f8997dcdd87ad910dea886a0de17d -0, 16, 16, 1, 460800, 51a8549d7b4aaacaf6050bc07a82b440 -0, 17, 17, 1, 460800, 5145aa05bbb0c3faab40fc8fa233af1d -0, 18, 18, 1, 460800, bbfcbe3c9600b2a0f413057d7959e9e7 -0, 19, 19, 1, 460800, 02cfd4a350fa274e12fce8352001bf21 -0, 20, 20, 1, 460800, 20dd372da9e656add433f31e3e9c1fb8 -0, 21, 21, 1, 460800, 3b885593f8b42676ce40c329a63f62bf -0, 22, 22, 1, 460800, c38b453b56c3ea14f7d8691d83752486 -0, 23, 23, 1, 460800, 79643132988dabc9dc1ba3af0aeaebc5 -0, 24, 24, 1, 460800, 60a099be31244b2f69ca6107cdbd7e06 -0, 25, 25, 1, 460800, 1de6ff4e0aa81216e4b7b1c8e74fb143 -0, 26, 26, 1, 460800, 5223a81e6964c28cf42593f259397aa1 -0, 27, 27, 1, 460800, 2dfcf01c86aa712cd6f1c7656eeb17db -0, 28, 28, 1, 460800, 8c86ee0f02fabccaed8d8fc8babd031e -0, 29, 29, 1, 460800, b3ea1983f7efeec11306445d9ae5d477 -0, 30, 30, 1, 460800, 86a4cc9fa7db5ff5ca2be69ad191179f -0, 31, 31, 1, 460800, 8194715afe23ae34a019797a53a6ee2c -0, 32, 32, 1, 460800, 447a153f1c6bb703eff62edfd14e08e0 -0, 33, 33, 1, 460800, 092257082789b898dbb14d1f19e79347 -0, 34, 34, 1, 460800, d6320d204a119cfeef5645a4118bc600 -0, 35, 35, 1, 460800, 2ee710deae4bb0d156528797ad1c4981 -0, 36, 36, 1, 460800, 1256eac030985c04c4501ad5a72e9d66 -0, 37, 37, 1, 460800, f16ad8c1aa572be7666c7907ce4aebbc -0, 38, 38, 1, 460800, 865088cbd47d0151b62a45d5426c8216 -0, 39, 39, 1, 460800, 26c78ca43d93c6da153f3dea5d945e0e -0, 40, 40, 1, 460800, d775d6705c965401ccc143d5ae432938 -0, 41, 41, 1, 460800, f9837d514753c59e6776452d9043524f -0, 42, 42, 1, 460800, 8463f5172914828abcc770f888bfd183 -0, 43, 43, 1, 460800, 3108557748cfb7965b33b16b35359de0 -0, 44, 44, 1, 460800, 477d596944e028dd72c207bb6e6b22de -0, 45, 45, 1, 460800, 69e4ffbd600c8d8bc070d7d7324ee2b1 -0, 46, 46, 1, 460800, 2211c57bc9ec1788217002900f9102b1 -0, 47, 47, 1, 460800, bcfb5f0a7f88da3ec8c6b447ed4b67eb +0, 1, 1, 1, 460800, 775562e27486a2c36c0349df75f6d4a0 +0, 2, 2, 1, 460800, 3636927be803c7d268a48fb2052b90a1 +0, 3, 3, 1, 460800, 015bcde069a5c4cf3739400a5929980e +0, 4, 4, 1, 460800, bc3583f954eae618828cfe8b030943d6 +0, 5, 5, 1, 460800, d2716fdc5eed8cde9126170caad647f3 +0, 6, 6, 1, 460800, 33ba34bede74e292ac3d8983215a2fb9 +0, 7, 7, 1, 460800, 86d9a78c874b583abaab13904418be05 +0, 8, 8, 1, 460800, ac343233031e7f6210983e6a8d3ff0f0 +0, 9, 9, 1, 460800, d0c8b10539808d816a0629d50115da51 +0, 10, 10, 1, 460800, f2e89405cf1a977ed92593b790863ba3 +0, 11, 11, 1, 460800, dfcb845ade78744be3f09c3f6e39c343 +0, 12, 12, 1, 460800, ae32bb4886a7c32bd6d9166854dd2996 +0, 13, 13, 1, 460800, 38e556eca3301f4493a80814907cab72 +0, 14, 14, 1, 460800, a604c22a62faa29da2f15d1657f2b601 +0, 15, 15, 1, 460800, 256c65a300c5d0fd55294461a94a951d +0, 16, 16, 1, 460800, 12fa29377baf8ec06636a12658067e59 +0, 17, 17, 1, 460800, 90e197533dca39d92d761912300d8da4 +0, 18, 18, 1, 460800, d28a6429a157deb55737bda95bc155f9 +0, 19, 19, 1, 460800, e57be4b099a80c7aaebc24f1532a674c +0, 20, 20, 1, 460800, 9188eac3bb43f8862f476c3a6940d17f +0, 21, 21, 1, 460800, ee7956492057442f86fe582577640b98 +0, 22, 22, 1, 460800, 029a8cdc7c6c86fdb96a4b8714e70530 +0, 23, 23, 1, 460800, bee2eeadc2d31a655c3e27a089da98f0 +0, 24, 24, 1, 460800, 93e124d391bb707b6d393b9b27391186 +0, 25, 25, 1, 460800, b678115be54d0d339b499ef43cde7aa2 +0, 26, 26, 1, 460800, 2ecd64473e956cdeb589dbc4bedf7aca +0, 27, 27, 1, 460800, f3691b67f915a0675f4ca096d83a90fa +0, 28, 28, 1, 460800, 576dadb29b63c99e9a2dd61920336da3 +0, 29, 29, 1, 460800, 364301bd29a2bdb46a0aac0fdc543ca3 +0, 30, 30, 1, 460800, 32ad47e9909abf79bc3c357f10d6ffdd +0, 31, 31, 1, 460800, 0eb19cdd1e9029aa5d974267efcab083 +0, 32, 32, 1, 460800, 9ca0c86309fb33ae98c76e5736c9101c +0, 33, 33, 1, 460800, c4adb0d6c303969cb4dd721bcb626f89 +0, 34, 34, 1, 460800, 1eaf768d6b4b9fd67ff32da1e4a204af +0, 35, 35, 1, 460800, 2b5112b639711ae561e43c17f20df51c +0, 36, 36, 1, 460800, f90526f5eecb3458fa7cb171d50207ff +0, 37, 37, 1, 460800, 7d51cee34cd6273b5a319d0bfe4a749b +0, 38, 38, 1, 460800, 63e55f48bd5de98be1302aafd8210c18 +0, 39, 39, 1, 460800, 176e8c8497d21f30d5a9c74e12503ddd +0, 40, 40, 1, 460800, eb7f75e02200a6d5e4a815762e621699 +0, 41, 41, 1, 460800, a7768ce2fe79f3c8209a8eedcc9f9bea +0, 42, 42, 1, 460800, 7279e5439354cac6b6742e9b5ff019b5 +0, 43, 43, 1, 460800, a1e8807e2c831c3005eee641b4766b89 +0, 44, 44, 1, 460800, e5b377763bd638d3104775b32f8dcd1c +0, 45, 45, 1, 460800, d37fc113aedb5c7d0e12b2cfdebc344f +0, 46, 46, 1, 460800, ae595183aeafa259568d352b61106d7f +0, 47, 47, 1, 460800, e5710c9af7febb4861fd139d74513c87