From patchwork Fri Dec 31 10:53:07 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Anton Khirnov X-Patchwork-Id: 32960 Delivered-To: ffmpegpatchwork2@gmail.com Received: by 2002:a6b:cd86:0:0:0:0:0 with SMTP id d128csp13864726iog; Fri, 31 Dec 2021 02:54:24 -0800 (PST) X-Google-Smtp-Source: ABdhPJxspguO2SHPulabOFVd939bmZBMeVuoKAjk9+cBo3Tj96DJYfUEzpB9ufOEfMrNeQY5mWGO X-Received: by 2002:a17:906:5f97:: with SMTP id a23mr8495051eju.154.1640948064474; Fri, 31 Dec 2021 02:54:24 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1640948064; cv=none; d=google.com; s=arc-20160816; b=iaTW+msMzfGgKnX3d+7//cZNrTIkoAdM3H2YbUWCIOfXpix/0VOVx5YEKeHh3u/Skf AR9+ghcDYvDVRxkHKMj3q9zRsr0hlX6DgZQaMSEZRRghrfSFiK0jU0s3wAirTKD0MoNU PgYb84CuiFH3YLSDjrV00Mn6bmDuoa7xD7mw7zagnrLAdrjaASsLpjECQr4Fa/VvmZq3 KMrMoQD2dBBPRi4ZAkRgnER/ePx6gp8uUsHZUUfdHyXl+7hMZxLNlBcoPtDSpM3lADbC N352y9c+c1LImEcPT7NqdEbcb8hqZ7aTraEpgdDkQPta2eDMWVA0c/Y97vv7+SCTgIJq wQ/g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:content-transfer-encoding:reply-to:list-subscribe :list-help:list-post:list-archive:list-unsubscribe:list-id :precedence:subject:mime-version:references:in-reply-to:message-id :date:to:from:delivered-to; bh=7oc4XZDTeyAjDTfrgawXNKaswL1VmdSTE/dHAwDs9eU=; b=UX5h2AUnJk1/5+++4aCbtI90TMdXrdBDDNNwPvBhdkk5EOVKLPI0d7y0dQwo0ZdNCK Yojc4eOIe/fNSRpDA19J43Kkz8mXDSZ5dNIRQSyaaxdCyVSuvh2S2qbejj7ZNcW1G5Il 2N8O7P0D0VSdyNUtUB4OSc8wfcid2cALcX6EidC9kEzXAF3UNC+3AoxBLc47biePIy1n qBLYCTDIRi92zuf4GBYdV46wrOWD4fP+fIoN5bPXIhUAAOS13o123IbNg6xUXSMskBGH +qEPr9e+faS1jzm/8IsW8MEhD6+NEzUTK72+X5FJQI4jUI+F3miDw9bhFpbiqc/fVw54 4xeQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org Return-Path: Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org. [79.124.17.100]) by mx.google.com with ESMTP id d25si11842324eje.732.2021.12.31.02.54.24; Fri, 31 Dec 2021 02:54:24 -0800 (PST) Received-SPF: pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) client-ip=79.124.17.100; Authentication-Results: mx.google.com; spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org Received: from [127.0.1.1] (localhost [127.0.0.1]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id C3BEF68B009; Fri, 31 Dec 2021 12:53:34 +0200 (EET) X-Original-To: ffmpeg-devel@ffmpeg.org Delivered-To: ffmpeg-devel@ffmpeg.org Received: from mail0.khirnov.net (red.khirnov.net [176.97.15.12]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id 16A1168AFF5 for ; Fri, 31 Dec 2021 12:53:27 +0200 (EET) Received: from localhost (localhost [IPv6:::1]) by mail0.khirnov.net (Postfix) with ESMTP id C0AFA240506 for ; Fri, 31 Dec 2021 11:53:22 +0100 (CET) Received: from mail0.khirnov.net ([IPv6:::1]) by localhost (mail0.khirnov.net [IPv6:::1]) (amavisd-new, port 10024) with ESMTP id zPyIdCzSSI67 for ; Fri, 31 Dec 2021 11:53:22 +0100 (CET) Received: from libav.khirnov.net (libav.khirnov.net [IPv6:2a00:c500:561:201::7]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "libav.khirnov.net", Issuer "smtp.khirnov.net SMTP CA" (verified OK)) by mail0.khirnov.net (Postfix) with ESMTPS id B2E5D24050B for ; Fri, 31 Dec 2021 11:53:19 +0100 (CET) Received: by libav.khirnov.net (Postfix, from userid 1000) id AEEFA3A078F; Fri, 31 Dec 2021 11:53:19 +0100 (CET) From: Anton Khirnov To: ffmpeg-devel@ffmpeg.org Date: Fri, 31 Dec 2021 11:53:07 +0100 Message-Id: <20211231105307.30946-7-anton@khirnov.net> X-Mailer: git-send-email 2.33.0 In-Reply-To: <20211231105307.30946-1-anton@khirnov.net> References: <20211231105307.30946-1-anton@khirnov.net> MIME-Version: 1.0 Subject: [FFmpeg-devel] [PATCH 7/7] lavu/fifo: return errors on trying to read/write too much X-BeenThere: ffmpeg-devel@ffmpeg.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: FFmpeg development discussions and patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: FFmpeg development discussions and patches Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" X-TUID: 16AugmPoen80 Trying to write too much will currently overwrite previous data. Trying to read too much will either av_assert2() in av_fifo_drain() or return old data. Trying to peek too much will either av_assert2() in av_fifo_generic_peek_at() or return old data. Return an error code in all these cases, which is safer and more consistent. --- libavutil/fifo.c | 18 +++++++++++------- libavutil/fifo.h | 8 +++++++- 2 files changed, 18 insertions(+), 8 deletions(-) diff --git a/libavutil/fifo.c b/libavutil/fifo.c index f38e8ff089..d741bdd395 100644 --- a/libavutil/fifo.c +++ b/libavutil/fifo.c @@ -134,6 +134,9 @@ int av_fifo_generic_write(AVFifoBuffer *f, void *src, int size, uint32_t wndx= f->wndx; uint8_t *wptr= f->wptr; + if (size > av_fifo_space(f)) + return AVERROR(ENOSPC); + do { int len = FFMIN(f->end - wptr, size); if (func) { @@ -159,13 +162,8 @@ int av_fifo_generic_peek_at(AVFifoBuffer *f, void *dest, int offset, int buf_siz { uint8_t *rptr = f->rptr; - av_assert2(offset >= 0); - - /* - * *ndx are indexes modulo 2^32, they are intended to overflow, - * to handle *ndx greater than 4gb. - */ - av_assert2(buf_size + (unsigned)offset <= f->wndx - f->rndx); + if (offset < 0 || buf_size > av_fifo_size(f) - offset) + return AVERROR(EINVAL); if (offset >= f->end - rptr) rptr += offset - (f->end - f->buffer); @@ -198,6 +196,9 @@ int av_fifo_generic_peek(AVFifoBuffer *f, void *dest, int buf_size, { uint8_t *rptr = f->rptr; + if (buf_size > av_fifo_size(f)) + return AVERROR(EINVAL); + do { int len = FFMIN(f->end - rptr, buf_size); if (func) @@ -218,6 +219,9 @@ int av_fifo_generic_peek(AVFifoBuffer *f, void *dest, int buf_size, int av_fifo_generic_read(AVFifoBuffer *f, void *dest, int buf_size, void (*func)(void *, void *, int)) { + if (buf_size > av_fifo_size(f)) + return AVERROR(EINVAL); + do { int len = FFMIN(f->end - f->rptr, buf_size); if (func) diff --git a/libavutil/fifo.h b/libavutil/fifo.h index 37da9f14c2..53b668aa17 100644 --- a/libavutil/fifo.h +++ b/libavutil/fifo.h @@ -91,6 +91,8 @@ int av_fifo_space(const AVFifoBuffer *f); * @param buf_size number of bytes to read * @param func generic read function * @param dest data destination + * + * @return a non-negative number on success, a negative error code on failure */ int av_fifo_generic_peek_at(AVFifoBuffer *f, void *dest, int offset, int buf_size, void (*func)(void*, void*, int)); @@ -101,6 +103,8 @@ int av_fifo_generic_peek_at(AVFifoBuffer *f, void *dest, int offset, int buf_siz * @param buf_size number of bytes to read * @param func generic read function * @param dest data destination + * + * @return a non-negative number on success, a negative error code on failure */ int av_fifo_generic_peek(AVFifoBuffer *f, void *dest, int buf_size, void (*func)(void*, void*, int)); @@ -110,6 +114,8 @@ int av_fifo_generic_peek(AVFifoBuffer *f, void *dest, int buf_size, void (*func) * @param buf_size number of bytes to read * @param func generic read function * @param dest data destination + * + * @return a non-negative number on success, a negative error code on failure */ int av_fifo_generic_read(AVFifoBuffer *f, void *dest, int buf_size, void (*func)(void*, void*, int)); @@ -124,7 +130,7 @@ int av_fifo_generic_read(AVFifoBuffer *f, void *dest, int buf_size, void (*func) * func must return the number of bytes written to dest_buf, or <= 0 to * indicate no more data available to write. * If func is NULL, src is interpreted as a simple byte array for source data. - * @return the number of bytes written to the FIFO + * @return the number of bytes written to the FIFO or a negative error code on failure */ int av_fifo_generic_write(AVFifoBuffer *f, void *src, int size, int (*func)(void*, void*, int));