From patchwork Wed Jun 24 13:46:57 2020
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Andreas Rheinhardt
X-Patchwork-Id: 20584
From: Andreas Rheinhardt
To: ffmpeg-devel@ffmpeg.org
Date: Wed, 24 Jun 2020 15:46:57 +0200
Message-Id: <20200624134705.14833-1-andreas.rheinhardt@gmail.com>
Subject: [FFmpeg-devel] [PATCH 1/9] avformat/smacker: Don't increase packet counter prematurely
Cc: Andreas Rheinhardt

The Smacker demuxer buffers audio packets before it outputs them, but it increments the counter of buffered packets prematurely: If allocating the audio buffer fails, an error (most likely AVERROR(ENOMEM)) is returned. If the caller decides to call av_read_frame() again, the next call will take the codepath for returning already buffered audio packets and it will fail (because the buffer that ought to be allocated isn't) without decrementing the number of supposedly buffered audio packets (it doesn't matter whether there would be enough memory available in subsequent calls). Depending on the caller's behaviour this is potentially an infinite loop.

This commit fixes this by only incrementing the number of buffered audio packets after having successfully read them and unconditionally reducing said number when outputting one of them.

It also changes the semantics of the curstream variable: It is now the number of currently buffered audio packets whereas it used to be the index of the last audio stream to be read. (Index refers to the index in the array of buffers, not to the stream index.)

Signed-off-by: Andreas Rheinhardt
--- libavformat/smacker.c | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/libavformat/smacker.c b/libavformat/smacker.c index 8b1e185817..14dc4ef406 100644 --- a/libavformat/smacker.c
+++ b/libavformat/smacker.c @@ -229,7 +229,6 @@ static int smacker_read_header(AVFormatContext *s) return AVERROR(EIO); } - smk->curstream = -1; smk->nextpos = avio_tell(pb); return 0; @@ -249,7 +248,7 @@ static int smacker_read_packet(AVFormatContext *s, AVPacket *pkt) return AVERROR_EOF; /* if we demuxed all streams, pass another frame */ - if(smk->curstream < 0) { + if (smk->curstream <= 0) { avio_seek(s->pb, smk->nextpos, 0); frame_size = smk->frm_size[smk->cur_frame] & (~3); flags = smk->frm_flags[smk->cur_frame]; @@ -301,7 +300,7 @@ static int smacker_read_packet(AVFormatContext *s, AVPacket *pkt) palchange |= 1; } flags >>= 1; - smk->curstream = -1; + smk->curstream = 0; /* if audio chunks are present, put them to stack and retrieve later */ for(i = 0; i < 7; i++) { if(flags & 1) { @@ -315,7 +314,6 @@ static int smacker_read_packet(AVFormatContext *s, AVPacket *pkt) } frame_size -= size; frame_size -= 4; - smk->curstream++; if ((err = av_reallocp(&smk->bufs[smk->curstream], size)) < 0) { smk->buf_sizes[smk->curstream] = 0; return err; @@ -325,6 +323,7 @@ static int smacker_read_packet(AVFormatContext *s, AVPacket *pkt) if(ret != size) return AVERROR(EIO); smk->stream_id[smk->curstream] = smk->indexes[i]; + smk->curstream++; } flags >>= 1; } @@ -345,6 +344,7 @@ static int smacker_read_packet(AVFormatContext *s, AVPacket *pkt) smk->cur_frame++; smk->nextpos = avio_tell(s->pb); } else { + smk->curstream--; if (smk->stream_id[smk->curstream] < 0 || !smk->bufs[smk->curstream]) return AVERROR_INVALIDDATA; if ((ret = av_new_packet(pkt, smk->buf_sizes[smk->curstream])) < 0) @@ -354,7 +354,6 @@ static int smacker_read_packet(AVFormatContext *s, AVPacket *pkt) pkt->stream_index = smk->stream_id[smk->curstream]; pkt->pts = smk->aud_pts[smk->curstream]; smk->aud_pts[smk->curstream] += AV_RL32(pkt->data); - smk->curstream--; } return 0;
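
Review bot: In smacker_read_header (hunk @@ -229), with "smk->curstream = -1;" removed nothing visible sets the counter's starting value, so the new "curstream <= 0" test in smacker_read_packet depends on the field starting at 0. If that comes from the demuxer context being zero-initialised, a short comment at the field's declaration saying that curstream is now the number of buffered audio packets would keep that assumption from living only in the commit message.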
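
Review bot: The condition "if (smk->curstream <= 0)" (hunk @@ -249) still admits negative values, although curstream is now a count that the visible code only sets to 0, increments, and decrements in the else branch, where it is known to be positive. Either write "== 0" to match the new meaning, or say in the comment above it why a negative value can still occur.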
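
Review bot: The two early returns in the audio loop (hunks @@ -315 and @@ -325: "return err;" after av_reallocp() and "return AVERROR(EIO);" when ret != size) now leave curstream at the number of chunks already buffered, while "smk->cur_frame++;" and the smk->nextpos update further down have not run. From the visible lines, a caller that retries would first be handed those buffered packets by the else branch and would then have the same frame read again from nextpos, so the earlier chunks would be buffered and output a second time, with aud_pts advanced twice. Consider resetting smk->curstream to 0 on these error paths, or state in the commit message that this replay is acceptable.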
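
Review bot: In the else branch (hunks @@ -345 and @@ -354), with "smk->curstream--;" now ahead of the checks, a return of AVERROR_INVALIDDATA or a failed av_new_packet() drops that buffered packet and skips the "smk->aud_pts[smk->curstream] += AV_RL32(pkt->data);" update, so that stream's timestamp is not advanced for the dropped packet. This matches the commit message's intent of always reducing the count, but a comment at the decrement saying the packet is deliberately discarded on error would make that clear to the next reader.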