From patchwork Wed May 6 07:14:33 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andreas Rheinhardt X-Patchwork-Id: 19516 Return-Path: X-Original-To: patchwork@ffaux-bg.ffmpeg.org Delivered-To: patchwork@ffaux-bg.ffmpeg.org Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org [79.124.17.100]) by ffaux.localdomain (Postfix) with ESMTP id B6EB644A493 for ; Wed, 6 May 2020 10:14:50 +0300 (EEST) Received: from [127.0.1.1] (localhost [127.0.0.1]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id 8EEC168973D; Wed, 6 May 2020 10:14:50 +0300 (EEST) X-Original-To: ffmpeg-devel@ffmpeg.org Delivered-To: ffmpeg-devel@ffmpeg.org Received: from mail-wm1-f65.google.com (mail-wm1-f65.google.com [209.85.128.65]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id B82DF688392 for ; Wed, 6 May 2020 10:14:44 +0300 (EEST) Received: by mail-wm1-f65.google.com with SMTP id v8so4210865wma.0 for ; Wed, 06 May 2020 00:14:44 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=i6n7A3stHMVbhJf9i9V6wd6F/p1UjOt/HJNr2Tnm5wg=; b=SNAZGPAjeMTpysShizPOQZgZVV5fyPT4yXqNHQJoE0BZp+EpHsvw23SnIyzh17QH0S DINh4P6uEc42bCCmGM1x0gdA2efoakAhbC6cVA+IvqKLPd9pa/36VWNl7Ex7cUcysSif LAOJUfPS8TM1aldpviv+wWEnJBBi4LvUm9GDPQhB+tVad2EHYx/oXqOPiI4E207L+7zW TV3uDiqhH8xuFX2A1zjApKJ+cWqe6IemYwZYzn9pG64jCeVV5/eBenSlwF/mEW1gbZ0C Ip2SQJQm4i7Q7QfLAPBXKI2SmUuIZC1rl3wBS1Z4tSzSqKnEs4qKpZYl6q/5eFSG6cPy aDDQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=i6n7A3stHMVbhJf9i9V6wd6F/p1UjOt/HJNr2Tnm5wg=; b=V4M2pe/GmuGn1xww8Zcl3U6cAjDDIWe5MoT4P/puMmsnrvegFJlL5pDBikbDv4wix+ BwSRUq6c4cpONHgLaEReBZ9YCYcSAvgvG/eGL3IkdSdDn5yFNxagagD/Bpa+2yGiDyB1 L2iGHSApt4TcqxpWITK97/AJpzhlS8k0gulQmTdTYO+gAg2drpAN837qgeUD1qVillUm bc2eEPN/J/zypYk5LrAJyv8/z/tIeCGyb819ozxINBGZz7/pAx+nNX+kzHByRVWmh8E0 der/2rWBWA92dCOa+aM201k+nOJuxQJZwWEQmGnbwZXWExGs4csq15IJr2L/DhJ/2Bwi IgQQ== X-Gm-Message-State: AGi0PuYOQptFvVJnO0HgOndrkbVLkPB8AfpRrzMYTJuEFRGGX534O1Ma gs2KlQr6ilv+SrrjkNu6sA5wqFY5 X-Google-Smtp-Source: APiQypKiHnnlWlhlEXlet+LBtfcOswmvD32TWaoUrISa5sqBrDgOxzSwayeOlyvzwRDUOd0riM4Rjw== X-Received: by 2002:a05:600c:210:: with SMTP id 16mr2566549wmi.57.1588749283809; Wed, 06 May 2020 00:14:43 -0700 (PDT) Received: from sblaptop.fritz.box (ipbcc1ab57.dynamic.kabel-deutschland.de. [188.193.171.87]) by smtp.gmail.com with ESMTPSA id g69sm1718205wmg.17.2020.05.06.00.14.42 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 06 May 2020 00:14:43 -0700 (PDT) From: Andreas Rheinhardt To: ffmpeg-devel@ffmpeg.org Date: Wed, 6 May 2020 09:14:33 +0200 Message-Id: <20200506071433.10023-1-andreas.rheinhardt@gmail.com> X-Mailer: git-send-email 2.20.1 MIME-Version: 1.0 Subject: [FFmpeg-devel] [PATCH] avformat/hlsenc: Don't segfault on uncommon names X-BeenThere: ffmpeg-devel@ffmpeg.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: FFmpeg development discussions and patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: FFmpeg development discussions and patches Cc: Andreas Rheinhardt Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" The parsing process of the AVOpt-enabled string controlling the mapping of input streams to variant streams is roughly as follows: Space and tab separate variant stream group maps while the entries in each variant stream group map are separated by ','. The parsing process of each variant stream group proceeded as follows: At first the number of occurences of "a:", "v:" and "s:" in each variant stream group is calculated so that one can can allocate an array of streams with this number of entries. Then the string is split along ',' and each substring is parsed. If such a substring starts with "a:", "s:" or "v:" it is treated as stream specifier and (if there is a correct number after ':') a stream of the variant stream is mapped to one of the actual input streams. Nothing actually guarantees that the number of streams allocated initially equals the number of streams that are mapped to an actual input stream. These numbers can differ if e.g. the name, the sgroup, agroup or ccgroup of the variant stream contain "a:", "s:" or "v:". The problem hereby is that the rest of the code presumes these numbers to be equal and segfaults if it isn't (because the corresponding input stream is NULL). This commit fixes this by modifying the initial counting process to only count occurences of "a:", "s:" or "v:" that are at the beginning or that immediately follow a ','. Signed-off-by: Andreas Rheinhardt --- Alternatively, one could error out if these two counts differed (in which case one can conclude that one of the other values must have contained "a:", "s:" or "v:"). I have not done so, because using these doesn't seem to be forbidden at all and there might even be usecases (think of "name:The_Lord_of_the_Rings:_The_Two_Towers" or "Avengers:"). Furthermore modifying the check has the advantage of not allocating to much and it also allows to introduce keys that end with 'a', 's' or 'v'. libavformat/hlsenc.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/libavformat/hlsenc.c b/libavformat/hlsenc.c index 5695c6cc95..a381ca3e9e 100644 --- a/libavformat/hlsenc.c +++ b/libavformat/hlsenc.c @@ -1951,10 +1951,13 @@ static int parse_variant_stream_mapstring(AVFormatContext *s) return AVERROR(EINVAL); q = varstr; - while (q < varstr + strlen(varstr)) { + while (1) { if (!av_strncasecmp(q, "a:", 2) || !av_strncasecmp(q, "v:", 2) || !av_strncasecmp(q, "s:", 2)) vs->nb_streams++; + q = strchr(q, ','); + if (!q) + break; q++; } vs->streams = av_mallocz(sizeof(AVStream *) * vs->nb_streams);