From patchwork Thu Apr 23 03:07:31 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andreas Rheinhardt X-Patchwork-Id: 19180 Return-Path: X-Original-To: patchwork@ffaux-bg.ffmpeg.org Delivered-To: patchwork@ffaux-bg.ffmpeg.org Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org [79.124.17.100]) by ffaux.localdomain (Postfix) with ESMTP id 4BE0E44B4F3 for ; Thu, 23 Apr 2020 06:07:57 +0300 (EEST) Received: from [127.0.1.1] (localhost [127.0.0.1]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id 2373D68BDEA; Thu, 23 Apr 2020 06:07:57 +0300 (EEST) X-Original-To: ffmpeg-devel@ffmpeg.org Delivered-To: ffmpeg-devel@ffmpeg.org Received: from mail-wr1-f67.google.com (mail-wr1-f67.google.com [209.85.221.67]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id 71DE568BD9F for ; Thu, 23 Apr 2020 06:07:51 +0300 (EEST) Received: by mail-wr1-f67.google.com with SMTP id g13so5014725wrb.8 for ; Wed, 22 Apr 2020 20:07:51 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=DVqKBGqVmXrSkCyskDrsdxiMn5X+4AWgDBgQnl53VwQ=; b=KYLDOwDPmr7XZ9mVsuAkbUtXcJDocMFuKotDyUzWs/4mKlWQS293fxm4GjsrReLl1A Ci++gmNWf2f04mu3GlQ7TmMa2rIb268w+i+95VYR8xneSCLDXWAPo5M9Pp3c5rQh6p8K +78NvIyHEWaCTsulpDYIbwTpmmHqqNFtBv1v6tfP0Q+E1Kn1kv7LqYGPOzbaAPJXP1hB 8u+w7qtHy1CtaS9GRilwsSzGe1W8LmHwUeq+2I/oKnfJR2MfS3A+eaQVbLE0vMdUPllH E90pJkw/IrjW9Cq3cuAc0pMHx1/V9ibVtDowb10I4SjvADJR/N4ssqU/kxkSyvBGDScB CvTQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=DVqKBGqVmXrSkCyskDrsdxiMn5X+4AWgDBgQnl53VwQ=; b=t3kuEd98e6BHE9sFFSCK0OA7s3NwqprrJlkKLyB6UYhwzsEfO3d4plU4b3+8blGAQZ YS/MrKOIG41E/RONSRpnIDilvxaG+HFco60PMXPTUcEP8jFqY3DMLtksDEnlOgCBQAUH qHWrI3qBRRXJ7bu0SB1itFjy8X/Jolsz89z8WtqH8roKvzgfCjPlAZfU6Ig9Wn1wQdED AMjf1s55z04vsNRLbXQBPcIgM7ESZitB/iwF64gYkN80WWi0ZYOj6PqPvmH+R+TKKCDM /JgoUeKfEwVKIg5CawrUz1fyvKUt92IGqNkbWoY4s2HlnVbRwkrBocxodiSNi7TY3ZDw KbTg== X-Gm-Message-State: AGi0PuYvmen1ZDC703rJsJzRxYI62mKnMJMOJLh9lSOTZalC6DDNgvBN Ppz/r42RD8PtURJG4RkjMyEYR5qd X-Google-Smtp-Source: APiQypKIKGeb0q6r0imaTSJA4EXHkOYHly9rGGgc3BYJwXW9mgsBqr5YRr5AFN2OzlHRqol8837KMw== X-Received: by 2002:adf:f342:: with SMTP id e2mr2191216wrp.146.1587611270598; Wed, 22 Apr 2020 20:07:50 -0700 (PDT) Received: from sblaptop.fritz.box (ipbcc1ab57.dynamic.kabel-deutschland.de. [188.193.171.87]) by smtp.gmail.com with ESMTPSA id m1sm1497733wro.64.2020.04.22.20.07.49 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 22 Apr 2020 20:07:49 -0700 (PDT) From: Andreas Rheinhardt To: ffmpeg-devel@ffmpeg.org Date: Thu, 23 Apr 2020 05:07:31 +0200 Message-Id: <20200423030741.12158-1-andreas.rheinhardt@gmail.com> X-Mailer: git-send-email 2.20.1 MIME-Version: 1.0 Subject: [FFmpeg-devel] [PATCH 01/11] avformat/matroskadec: Reject sipr flavor > 3 X-BeenThere: ffmpeg-devel@ffmpeg.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: FFmpeg development discussions and patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: FFmpeg development discussions and patches Cc: Andreas Rheinhardt Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" Only flavors 0..3 seem to exist. E.g. rmdec.c treats any flavor > 3 as invalid data. Furthermore, we do not know how big the packets to create ought to be given that for sipr these values are not read from the bitstream, but from a table. Furthermore, flavor is only used for sipr, so only check it for sipr; rmdec.c does the same. (The old check for flavor being < 0 was always wrong given that flavor is an int that is read via avio_rb16(), so it has been removed completely.) Signed-off-by: Andreas Rheinhardt --- libavformat/matroskadec.c | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) diff --git a/libavformat/matroskadec.c b/libavformat/matroskadec.c index 8e1326abf6..8c65e98e77 100644 --- a/libavformat/matroskadec.c +++ b/libavformat/matroskadec.c @@ -2606,28 +2606,30 @@ static int matroska_parse_tracks(AVFormatContext *s) track->audio.sub_packet_h = avio_rb16(&b); track->audio.frame_size = avio_rb16(&b); track->audio.sub_packet_size = avio_rb16(&b); - if (flavor < 0 || - track->audio.coded_framesize <= 0 || + if (track->audio.coded_framesize <= 0 || track->audio.sub_packet_h <= 0 || track->audio.frame_size <= 0 || track->audio.sub_packet_size <= 0 && codec_id != AV_CODEC_ID_SIPR) return AVERROR_INVALIDDATA; - track->audio.buf = av_malloc_array(track->audio.sub_packet_h, - track->audio.frame_size); - if (!track->audio.buf) - return AVERROR(ENOMEM); + if (codec_id == AV_CODEC_ID_RA_288) { st->codecpar->block_align = track->audio.coded_framesize; track->codec_priv.size = 0; } else { - if (codec_id == AV_CODEC_ID_SIPR && flavor < 4) { + if (codec_id == AV_CODEC_ID_SIPR) { static const int sipr_bit_rate[4] = { 6504, 8496, 5000, 16000 }; + if (flavor > 3) + return AVERROR_INVALIDDATA; track->audio.sub_packet_size = ff_sipr_subpk_size[flavor]; st->codecpar->bit_rate = sipr_bit_rate[flavor]; } st->codecpar->block_align = track->audio.sub_packet_size; extradata_offset = 78; } + track->audio.buf = av_malloc_array(track->audio.sub_packet_h, + track->audio.frame_size); + if (!track->audio.buf) + return AVERROR(ENOMEM); } else if (codec_id == AV_CODEC_ID_FLAC && track->codec_priv.size) { ret = matroska_parse_flac(s, track, &extradata_offset); if (ret < 0)