From patchwork Fri Nov 27 01:02:36 2020
X-Patchwork-Submitter: Andreas Rheinhardt
X-Patchwork-Id: 24080
From: Andreas Rheinhardt
To: ffmpeg-devel@ffmpeg.org
Date: Fri, 27 Nov 2020 02:02:36 +0100
Message-Id: <20201127010249.2724610-32-andreas.rheinhardt@gmail.com>
In-Reply-To: <20201127010249.2724610-1-andreas.rheinhardt@gmail.com>
References: <20201127010249.2724610-1-andreas.rheinhardt@gmail.com>
Subject: [FFmpeg-devel] [PATCH 32/45] avcodec/smvjpegdec: Error out early if extradata is invalid
Cc: Andreas Rheinhardt

Don't allocate and open a whole decoder after having already found out that the given extradata is invalid.

Signed-off-by: Andreas Rheinhardt
---
 libavcodec/smvjpegdec.c | 19 +++++++------------
 1 file changed, 7 insertions(+), 12 deletions(-)

diff --git a/libavcodec/smvjpegdec.c b/libavcodec/smvjpegdec.c index 973a9117f2..587ad82a00 100644 --- a/libavcodec/smvjpegdec.c
+++ b/libavcodec/smvjpegdec.c @@ -92,9 +92,13 @@ static av_cold int smvjpeg_decode_init(AVCodecContext *avctx) SMVJpegDecodeContext *s = avctx->priv_data; AVCodec *codec; AVDictionary *thread_opt = NULL; - int ret = 0, r; + int ret; - s->frames_per_jpeg = 0; + if (avctx->extradata_size < 4 || + (s->frames_per_jpeg = AV_RL32(avctx->extradata)) <= 0) { + av_log(avctx, AV_LOG_ERROR, "Invalid number of frames per jpeg.\n"); + return AVERROR_INVALIDDATA; + } s->picture[0] = av_frame_alloc(); if (!s->picture[0]) @@ -108,14 +112,6 @@ static av_cold int smvjpeg_decode_init(AVCodecContext *avctx) s->jpg.picture_ptr = s->picture[0]; - if (avctx->extradata_size >= 4) - s->frames_per_jpeg = AV_RL32(avctx->extradata); - - if (s->frames_per_jpeg <= 0) { - av_log(avctx, AV_LOG_ERROR, "Invalid number of frames per jpeg.\n"); - ret = AVERROR_INVALIDDATA; - } - codec = avcodec_find_decoder(AV_CODEC_ID_MJPEG); if (!codec) { av_log(avctx, AV_LOG_ERROR, "MJPEG codec not found\n"); @@ -129,9 +125,8 @@ static av_cold int smvjpeg_decode_init(AVCodecContext *avctx) s->avctx->refcounted_frames = 1; s->avctx->flags = avctx->flags; s->avctx->idct_algo = avctx->idct_algo; - if ((r = ff_codec_open2_recursive(s->avctx, codec, &thread_opt)) < 0) { + if ((ret = ff_codec_open2_recursive(s->avctx, codec, &thread_opt)) < 0) { av_log(avctx, AV_LOG_ERROR, "MJPEG codec failed to open\n"); - ret = r; } av_dict_free(&thread_opt);
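
Review bot: The new early check in the first hunk (@@ -92,9 +92,13 @@) logs the same "Invalid number of frames per jpeg." message whether `avctx->extradata_size < 4` or the parsed count is non-positive, so a bug report cannot distinguish truncated extradata from a bad value. Consider including extradata_size and the parsed value in the message, or splitting the two conditions. The test `(s->frames_per_jpeg = AV_RL32(avctx->extradata)) <= 0` also depends on frames_per_jpeg being a signed type for values with the top bit set to be rejected; the declaration is not part of this patch, so a one-line comment at the check would make that dependency explicit. Returning directly is fine at this position, since the check sits before the first av_frame_alloc() call.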
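
Review bot: ret is uninitialised when the `if (!codec)` branch in the trailing context of the second hunk (@@ -108,14 +112,6 @@) is reached, because the first hunk drops the `= 0` initialiser and this hunk removes `ret = AVERROR_INVALIDDATA;`, leaving the ff_codec_open2_recursive call as the only assignment. The body of that branch is cut off in the diff context; please confirm it returns its own error code and never falls through to a read of ret, or keep the initialiser.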
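
Review bot: In the third hunk (@@ -129,9 +125,8 @@), a failing ff_codec_open2_recursive still only logs and falls through to `av_dict_free(&thread_opt);`, so at that point the frame from `s->picture[0] = av_frame_alloc();` and s->avctx are still allocated. The code after av_dict_free() is outside the diff, so it would help to say in the commit message where these are released on this error path. As a minor style point, the braces of that `if` now enclose a single av_log() call and could be dropped.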