From patchwork Sun Jun 10 10:36:39 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Marton Balint X-Patchwork-Id: 9344 Delivered-To: ffmpegpatchwork@gmail.com Received: by 2002:a02:11c:0:0:0:0:0 with SMTP id c28-v6csp2902282jad; Sun, 10 Jun 2018 03:37:04 -0700 (PDT) X-Google-Smtp-Source: ADUXVKJmmuFdmddi5clxliJ3ugO0wXZbrcsHyBtNRQb9puIvJBUk3wBWGAei+uctlDu1TyPC7cAj X-Received: by 2002:a1c:45db:: with SMTP id l88-v6mr5224758wmi.19.1528627024675; Sun, 10 Jun 2018 03:37:04 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1528627024; cv=none; d=google.com; s=arc-20160816; b=YYI9zij60kH8SIZXuGQqTW5H+sm2NLXnP8il4P58NJwFPJ2I2+TXTXYD4rx600d5Nq vi9Wd1S7CQXN8nW83azqzxtsaZGtdtEW+t5hXeZ7QE7vXhU+kNlVUPOZ++8j7+jO9ASF OandI8SucDh17u7eUmzzcC76pTuKhS7Cnuz6ysvQMPRR3e28R4JOrGM7i2d/aTQMRavb xZCBwykfK7nbxE5owbBptQUal6FAjWP838EqdbAxPYJWhBiKylagSl0YmepARHEet/CR c5TcDbl0iCr7Lr2R4bK3ICwbIOD1dHPYiBLtaywbxfq6uh3bL4qjKIvdpOtswlm8mt/z Uwgw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:content-transfer-encoding:mime-version:cc:reply-to :list-subscribe:list-help:list-post:list-archive:list-unsubscribe :list-id:precedence:subject:message-id:date:to:from:delivered-to :arc-authentication-results; bh=Y+y31b/heuspFAGHGbRYdlGE0sOaqDQJOzQX66uGgoM=; b=CNP83f/dnsawPmJSY461QXKtYEw8JoUqunf9zjtu5HUBFS4hZiTgkDQKzRY/jNvEx2 l4QJKRXY+GzjB3WfX91gR0dk7qpn+Hwgqpg9GFT8oRqnxCXPNGw0yu3ckjyD1eG4PPuT cLGQHTYQ+ZihBmBZpKLXvV7lrJJXvFMXWzYoaZVuygTOrvFCLzXev7BZbe47kyGAl6sx mL17P9cWN17GTPhzgJcX9dbNNXGqL6IBkPDvdKTHtymd1kOyC8fEBwpeoqnPlpPAN+1h 8cjW+KYPT0L+7hIipD6JOZi77dJpOwo0Gv8ehK7I14p/RU1yYL28I2k23r9x1mqn4YGR 6ORg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org Return-Path: Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org. [79.124.17.100]) by mx.google.com with ESMTP id b37-v6si14656187wrg.255.2018.06.10.03.37.03; Sun, 10 Jun 2018 03:37:04 -0700 (PDT) Received-SPF: pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) client-ip=79.124.17.100; Authentication-Results: mx.google.com; spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org Received: from [127.0.1.1] (localhost [127.0.0.1]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id CFD8168A965; Sun, 10 Jun 2018 13:36:12 +0300 (EEST) X-Original-To: ffmpeg-devel@ffmpeg.org Delivered-To: ffmpeg-devel@ffmpeg.org Received: from iq.passwd.hu (iq.passwd.hu [217.27.212.140]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id 3C35E68A76B for ; Sun, 10 Jun 2018 13:36:06 +0300 (EEST) Received: from localhost (localhost [127.0.0.1]) by iq.passwd.hu (Postfix) with ESMTP id C127AE102D; Sun, 10 Jun 2018 12:36:54 +0200 (CEST) X-Virus-Scanned: amavisd-new at passwd.hu Received: from iq.passwd.hu ([127.0.0.1]) by localhost (iq.passwd.hu [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NYPtQMpxm8pk; Sun, 10 Jun 2018 12:36:53 +0200 (CEST) Received: from bluegene.passwd.hu (localhost [127.0.0.1]) by iq.passwd.hu (Postfix) with ESMTP id 57B7FE0E49; Sun, 10 Jun 2018 12:36:53 +0200 (CEST) From: Marton Balint To: ffmpeg-devel@ffmpeg.org Date: Sun, 10 Jun 2018 12:36:39 +0200 Message-Id: <20180610103650.10155-1-cus@passwd.hu> X-Mailer: git-send-email 2.16.4 Subject: [FFmpeg-devel] [PATCH 01/12] avformat/mxfdec: store next_klv in KLVPacket X-BeenThere: ffmpeg-devel@ffmpeg.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: FFmpeg development discussions and patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: FFmpeg development discussions and patches Cc: Marton Balint MIME-Version: 1.0 Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" Signed-off-by: Marton Balint --- libavformat/mxf.h | 1 + libavformat/mxfdec.c | 13 ++++++++----- 2 files changed, 9 insertions(+), 5 deletions(-) diff --git a/libavformat/mxf.h b/libavformat/mxf.h index 19f8d8a9f5..93bc2cd075 100644 --- a/libavformat/mxf.h +++ b/libavformat/mxf.h @@ -62,6 +62,7 @@ typedef struct KLVPacket { UID key; int64_t offset; uint64_t length; + int64_t next_klv; } KLVPacket; typedef struct MXFCodecUL { diff --git a/libavformat/mxfdec.c b/libavformat/mxfdec.c index b3d3e237c0..a5c5fb3b8a 100644 --- a/libavformat/mxfdec.c +++ b/libavformat/mxfdec.c @@ -392,7 +392,7 @@ static int mxf_read_sync(AVIOContext *pb, const uint8_t *key, unsigned size) static int klv_read_packet(KLVPacket *klv, AVIOContext *pb) { - int64_t length; + int64_t length, pos; if (!mxf_read_sync(pb, mxf_klv_key, 4)) return AVERROR_INVALIDDATA; klv->offset = avio_tell(pb) - 4; @@ -402,6 +402,10 @@ static int klv_read_packet(KLVPacket *klv, AVIOContext *pb) if (length < 0) return length; klv->length = length; + pos = avio_tell(pb); + if (pos > INT64_MAX - length) + return AVERROR_INVALIDDATA; + klv->next_klv = pos + length; return 0; } @@ -3264,7 +3268,7 @@ static int mxf_read_packet_old(AVFormatContext *s, AVPacket *pkt) IS_KLV_KEY(klv.key, mxf_avid_essence_element_key)) { int body_sid = find_body_sid_by_offset(mxf, klv.offset); int index = mxf_get_stream_index(s, &klv, body_sid); - int64_t next_ofs, next_klv; + int64_t next_ofs; AVStream *st; if (index < 0) { @@ -3279,10 +3283,9 @@ static int mxf_read_packet_old(AVFormatContext *s, AVPacket *pkt) if (s->streams[index]->discard == AVDISCARD_ALL) goto skip; - next_klv = avio_tell(s->pb) + klv.length; next_ofs = mxf_set_current_edit_unit(mxf, klv.offset); - if (next_ofs >= 0 && next_klv > next_ofs) { + if (next_ofs >= 0 && klv.next_klv > next_ofs) { /* if this check is hit then it's possible OPAtom was treated as OP1a * truncate the packet since it's probably very large (>2 GiB is common) */ avpriv_request_sample(s, @@ -3314,7 +3317,7 @@ static int mxf_read_packet_old(AVFormatContext *s, AVPacket *pkt) return ret; /* seek for truncated packets */ - avio_seek(s->pb, next_klv, SEEK_SET); + avio_seek(s->pb, klv.next_klv, SEEK_SET); return 0; } else