From patchwork Mon May 18 03:30:32 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andreas Rheinhardt X-Patchwork-Id: 19732 Return-Path: X-Original-To: patchwork@ffaux-bg.ffmpeg.org Delivered-To: patchwork@ffaux-bg.ffmpeg.org Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org [79.124.17.100]) by ffaux.localdomain (Postfix) with ESMTP id 2563744AFD4 for ; Mon, 18 May 2020 06:31:17 +0300 (EEST) Received: from [127.0.1.1] (localhost [127.0.0.1]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id 0ADDB68A69C; Mon, 18 May 2020 06:31:17 +0300 (EEST) X-Original-To: ffmpeg-devel@ffmpeg.org Delivered-To: ffmpeg-devel@ffmpeg.org Received: from mail-wr1-f67.google.com (mail-wr1-f67.google.com [209.85.221.67]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id 2132268A43F for ; Mon, 18 May 2020 06:31:09 +0300 (EEST) Received: by mail-wr1-f67.google.com with SMTP id l11so10101000wru.0 for ; Sun, 17 May 2020 20:31:09 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=SqbniUsfuIb95avGT3f+lXTQeM/idSl+f6gw3pKXspQ=; b=Ii0syR7I45u/6167QAc8U2Ykt3MCm1F9FJ/+sEQinA0OE1dQSplF+Umfwxs/T045jY NxnvOJSQuv4s2v0y38DExGLmoAloYpdPgV/hNXAG4hmQxZPhxOzDPsNvhUrYw80g7J6Y XU/vIYZ9tX/kWnvOcFJ44tnAyKZHI1cv3jarHGfoWbpJ84ZDm/gw+TE+TWMmgYZC39DV bpTe3oXa4EUrhcOfNz00Cx8j28/Akl4jmptD7kSGEkI6kH+dS5j60SgSY9Qo65tMY3/d kI3rD781LfSJo8lM7j/bFQgYs88eelwknn1NMQ2lXaXHcTBG93/89V1vXxfC+CBcrhaU thOQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=SqbniUsfuIb95avGT3f+lXTQeM/idSl+f6gw3pKXspQ=; b=L3RWAkLHCzUJ6G71qVKjtgdzubmg9d1e0FzOzCV9L93IttG1WCSWSBdssPXIyDAphz W3JEzJZiiyKdPlv7ldPYyI6KpuVv6xNxoBWW70kA5Ble7fLziKW1I4cw1AOOKvWXrcDr g+f0QfkDdRBpaTdEtiORf9mT+sLwXpL4DD2iGWjJfSZV/QSRwrInH2iVm9IhWlEMvHe+ ZgF3RqsOWGoSNaxfNrAQyYuzvcGy6KmG+0wgCEw71W2yC62ojA8gyC6kCnh6SCmRFOIp /fCh016KSRxnrmZ4JC834yrZZxhK4WCD7UKPUNKbY3ifjk+Y5c/ZkqaKo5jmgMml4AiX OY4g== X-Gm-Message-State: AOAM530N6JSIUMbsnyNs0Tu4j14YSJzY4LO6x/AxsQsyeSnVhFQuvTe+ LBfK5lfPSeHHuc9Tlb4qJg5/e0Zn X-Google-Smtp-Source: ABdhPJw25U8cqDVug7SZKm1g/hg0mm7uXE+BJ9mell52OIqXkWckN0iJZ3TSOyoy4MXIfom3Y5t+pA== X-Received: by 2002:adf:fe07:: with SMTP id n7mr17056773wrr.259.1589772668268; Sun, 17 May 2020 20:31:08 -0700 (PDT) Received: from sblaptop.fritz.box (ipbcc1ab57.dynamic.kabel-deutschland.de. [188.193.171.87]) by smtp.gmail.com with ESMTPSA id a21sm1011151wmm.7.2020.05.17.20.31.07 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 17 May 2020 20:31:07 -0700 (PDT) From: Andreas Rheinhardt To: ffmpeg-devel@ffmpeg.org Date: Mon, 18 May 2020 05:30:32 +0200 Message-Id: <20200518033033.27347-4-andreas.rheinhardt@gmail.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20200518033033.27347-1-andreas.rheinhardt@gmail.com> References: <20200518033033.27347-1-andreas.rheinhardt@gmail.com> MIME-Version: 1.0 Subject: [FFmpeg-devel] [PATCH 4/5] avformat/webmdashenc: Don't segfault on invalid arguments X-BeenThere: ffmpeg-devel@ffmpeg.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: FFmpeg development discussions and patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: FFmpeg development discussions and patches Cc: Andreas Rheinhardt Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" The current parsing process for adaptation_sets does not guarantee every adaptation set to contain at least one stream, because the loop exits immediately as soon as the end of the string has been reached, without checking whether the currently active adaptation set group is lacking a stream. This would lead to segfaults lateron as the rest of the code presumed that every adaptation set contains a stream. This commit fixes this by erroring out when the last adaptation set group is incomplete. Signed-off-by: Andreas Rheinhardt --- libavformat/webmdashenc.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/libavformat/webmdashenc.c b/libavformat/webmdashenc.c index fd07b3e34a..3101e0a039 100644 --- a/libavformat/webmdashenc.c +++ b/libavformat/webmdashenc.c @@ -437,8 +437,13 @@ static int parse_adaptation_sets(AVFormatContext *s) } // syntax id=0,streams=0,1,2 id=1,streams=3,4 and so on state = new_set; - while (p < w->adaptation_sets + strlen(w->adaptation_sets)) { - if (state == new_set && *p == ' ') { + while (1) { + if (*p == '\0') { + if (state == new_set) + break; + else + return AVERROR(EINVAL); + } else if (state == new_set && *p == ' ') { p++; continue; } else if (state == new_set && !strncmp(p, "id=", 3)) {