Message ID | 20220312235227.19626-3-michael@niedermayer.cc |
---|---|
State | Accepted |
Commit | 8d6f49cfc339825f3f3f8a910e4bb4c0f822db1f |
Headers | show |
Series | [FFmpeg-devel,1/4] avcodec/vp9_superframe_split_bsf: Check in size | expand |
Context | Check | Description |
---|---|---|
andriy/make_x86 | success | Make finished |
andriy/make_fate_x86 | success | Make fate finished |
On Sun, 13 Mar 2022, Michael Niedermayer wrote: > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> > --- > libavformat/mxfdec.c | 8 +++++++- > 1 file changed, 7 insertions(+), 1 deletion(-) > > diff --git a/libavformat/mxfdec.c b/libavformat/mxfdec.c > index d7cdd22c8a..828fc0f9f1 100644 > --- a/libavformat/mxfdec.c > +++ b/libavformat/mxfdec.c > @@ -932,6 +932,7 @@ static int mxf_read_cryptographic_context(void *arg, AVIOContext *pb, int tag, i > > static int mxf_read_strong_ref_array(AVIOContext *pb, UID **refs, int *count) > { > + int64_t ret; > unsigned c = avio_rb32(pb); > > //avio_read() used int > @@ -946,7 +947,12 @@ static int mxf_read_strong_ref_array(AVIOContext *pb, UID **refs, int *count) > return AVERROR(ENOMEM); > } > avio_skip(pb, 4); /* useless size of objects, always 16 according to specs */ > - avio_read(pb, (uint8_t *)*refs, *count * sizeof(UID)); > + ret = avio_read(pb, (uint8_t *)*refs, *count * sizeof(UID)); > + if (ret != *count * sizeof(UID)) { > + *count = ret < 0 ? 0 : ret / sizeof(UID); I suggest you hard fail if the read count is not the expected, do not silently ignore corrupt file. Regards, Marton > + return ret < 0 ? ret : AVERROR_INVALIDDATA; > + } > + > return 0; > } > > -- > 2.17.1 > > _______________________________________________ > ffmpeg-devel mailing list > ffmpeg-devel@ffmpeg.org > https://ffmpeg.org/mailman/listinfo/ffmpeg-devel > > To unsubscribe, visit link above, or email > ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe". >
On Sun, Mar 13, 2022 at 04:52:25PM +0100, Marton Balint wrote: > > > On Sun, 13 Mar 2022, Michael Niedermayer wrote: > > > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> > > --- > > libavformat/mxfdec.c | 8 +++++++- > > 1 file changed, 7 insertions(+), 1 deletion(-) > > > > diff --git a/libavformat/mxfdec.c b/libavformat/mxfdec.c > > index d7cdd22c8a..828fc0f9f1 100644 > > --- a/libavformat/mxfdec.c > > +++ b/libavformat/mxfdec.c > > @@ -932,6 +932,7 @@ static int mxf_read_cryptographic_context(void *arg, AVIOContext *pb, int tag, i > > > > static int mxf_read_strong_ref_array(AVIOContext *pb, UID **refs, int *count) > > { > > + int64_t ret; > > unsigned c = avio_rb32(pb); > > > > //avio_read() used int > > @@ -946,7 +947,12 @@ static int mxf_read_strong_ref_array(AVIOContext *pb, UID **refs, int *count) > > return AVERROR(ENOMEM); > > } > > avio_skip(pb, 4); /* useless size of objects, always 16 according to specs */ > > - avio_read(pb, (uint8_t *)*refs, *count * sizeof(UID)); > > + ret = avio_read(pb, (uint8_t *)*refs, *count * sizeof(UID)); > > + if (ret != *count * sizeof(UID)) { > > + *count = ret < 0 ? 0 : ret / sizeof(UID); > > I suggest you hard fail if the read count is not the expected, do not > silently ignore corrupt file. > > Regards, > Marton > > > + return ret < 0 ? ret : AVERROR_INVALIDDATA; Does it not hard fail here ? thx [...]
On Mon, 14 Mar 2022, Michael Niedermayer wrote: > On Sun, Mar 13, 2022 at 04:52:25PM +0100, Marton Balint wrote: >> >> >> On Sun, 13 Mar 2022, Michael Niedermayer wrote: >> >>> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> >>> --- >>> libavformat/mxfdec.c | 8 +++++++- >>> 1 file changed, 7 insertions(+), 1 deletion(-) >>> >>> diff --git a/libavformat/mxfdec.c b/libavformat/mxfdec.c >>> index d7cdd22c8a..828fc0f9f1 100644 >>> --- a/libavformat/mxfdec.c >>> +++ b/libavformat/mxfdec.c >>> @@ -932,6 +932,7 @@ static int mxf_read_cryptographic_context(void *arg, AVIOContext *pb, int tag, i >>> >>> static int mxf_read_strong_ref_array(AVIOContext *pb, UID **refs, int *count) >>> { >>> + int64_t ret; >>> unsigned c = avio_rb32(pb); >>> >>> //avio_read() used int >>> @@ -946,7 +947,12 @@ static int mxf_read_strong_ref_array(AVIOContext *pb, UID **refs, int *count) >>> return AVERROR(ENOMEM); >>> } >>> avio_skip(pb, 4); /* useless size of objects, always 16 according to specs */ >>> - avio_read(pb, (uint8_t *)*refs, *count * sizeof(UID)); >>> + ret = avio_read(pb, (uint8_t *)*refs, *count * sizeof(UID)); >>> + if (ret != *count * sizeof(UID)) { >>> + *count = ret < 0 ? 0 : ret / sizeof(UID); >> > >> I suggest you hard fail if the read count is not the expected, do not >> silently ignore corrupt file. >> >> Regards, >> Marton >> >>> + return ret < 0 ? ret : AVERROR_INVALIDDATA; > > Does it not hard fail here ? Yeah, it does, sorry. This extra count calculation confused me... I'd just probably set it to 0 in case of a partial read, same as in case of an error, but fine either way I guess. Regards, Marton
sön 2022-03-13 klockan 00:52 +0100 skrev Michael Niedermayer: > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> > --- > libavformat/mxfdec.c | 8 +++++++- > 1 file changed, 7 insertions(+), 1 deletion(-) > > diff --git a/libavformat/mxfdec.c b/libavformat/mxfdec.c > index d7cdd22c8a..828fc0f9f1 100644 > --- a/libavformat/mxfdec.c > +++ b/libavformat/mxfdec.c > @@ -932,6 +932,7 @@ static int mxf_read_cryptographic_context(void > *arg, AVIOContext *pb, int tag, i > > static int mxf_read_strong_ref_array(AVIOContext *pb, UID **refs, > int *count) > { > + int64_t ret; > unsigned c = avio_rb32(pb); > > //avio_read() used int > @@ -946,7 +947,12 @@ static int mxf_read_strong_ref_array(AVIOContext > *pb, UID **refs, int *count) > return AVERROR(ENOMEM); > } > avio_skip(pb, 4); /* useless size of objects, always 16 > according to specs */ > - avio_read(pb, (uint8_t *)*refs, *count * sizeof(UID)); > + ret = avio_read(pb, (uint8_t *)*refs, *count * sizeof(UID)); > + if (ret != *count * sizeof(UID)) { > + *count = ret < 0 ? 0 : ret / sizeof(UID); > + return ret < 0 ? ret : AVERROR_INVALIDDATA; Looks ok /Tomas
On Mon, Mar 14, 2022 at 06:08:32PM +0100, Marton Balint wrote: > > > On Mon, 14 Mar 2022, Michael Niedermayer wrote: > > > On Sun, Mar 13, 2022 at 04:52:25PM +0100, Marton Balint wrote: > > > > > > > > > On Sun, 13 Mar 2022, Michael Niedermayer wrote: > > > > > > > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> > > > > --- > > > > libavformat/mxfdec.c | 8 +++++++- > > > > 1 file changed, 7 insertions(+), 1 deletion(-) > > > > > > > > diff --git a/libavformat/mxfdec.c b/libavformat/mxfdec.c > > > > index d7cdd22c8a..828fc0f9f1 100644 > > > > --- a/libavformat/mxfdec.c > > > > +++ b/libavformat/mxfdec.c > > > > @@ -932,6 +932,7 @@ static int mxf_read_cryptographic_context(void *arg, AVIOContext *pb, int tag, i > > > > > > > > static int mxf_read_strong_ref_array(AVIOContext *pb, UID **refs, int *count) > > > > { > > > > + int64_t ret; > > > > unsigned c = avio_rb32(pb); > > > > > > > > //avio_read() used int > > > > @@ -946,7 +947,12 @@ static int mxf_read_strong_ref_array(AVIOContext *pb, UID **refs, int *count) > > > > return AVERROR(ENOMEM); > > > > } > > > > avio_skip(pb, 4); /* useless size of objects, always 16 according to specs */ > > > > - avio_read(pb, (uint8_t *)*refs, *count * sizeof(UID)); > > > > + ret = avio_read(pb, (uint8_t *)*refs, *count * sizeof(UID)); > > > > + if (ret != *count * sizeof(UID)) { > > > > + *count = ret < 0 ? 0 : ret / sizeof(UID); > > > > > > > > I suggest you hard fail if the read count is not the expected, do not > > > silently ignore corrupt file. > > > > > > Regards, > > > Marton > > > > > > > + return ret < 0 ? ret : AVERROR_INVALIDDATA; > > > > Does it not hard fail here ? > > Yeah, it does, sorry. This extra count calculation confused me... I'd just > probably set it to 0 in case of a partial read, same as in case of an error, > but fine either way I guess. i wanted to set the count to be most correct value. So if someone was debuging this and tried to just not fail it would already have a useable value in count. thx [...]
On Mon, Mar 14, 2022 at 08:21:04PM +0100, Tomas Härdin wrote: > sön 2022-03-13 klockan 00:52 +0100 skrev Michael Niedermayer: > > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> > > --- > > libavformat/mxfdec.c | 8 +++++++- > > 1 file changed, 7 insertions(+), 1 deletion(-) > > > > diff --git a/libavformat/mxfdec.c b/libavformat/mxfdec.c > > index d7cdd22c8a..828fc0f9f1 100644 > > --- a/libavformat/mxfdec.c > > +++ b/libavformat/mxfdec.c > > @@ -932,6 +932,7 @@ static int mxf_read_cryptographic_context(void > > *arg, AVIOContext *pb, int tag, i > > > > static int mxf_read_strong_ref_array(AVIOContext *pb, UID **refs, > > int *count) > > { > > + int64_t ret; > > unsigned c = avio_rb32(pb); > > > > //avio_read() used int > > @@ -946,7 +947,12 @@ static int mxf_read_strong_ref_array(AVIOContext > > *pb, UID **refs, int *count) > > return AVERROR(ENOMEM); > > } > > avio_skip(pb, 4); /* useless size of objects, always 16 > > according to specs */ > > - avio_read(pb, (uint8_t *)*refs, *count * sizeof(UID)); > > + ret = avio_read(pb, (uint8_t *)*refs, *count * sizeof(UID)); > > + if (ret != *count * sizeof(UID)) { > > + *count = ret < 0 ? 0 : ret / sizeof(UID); > > + return ret < 0 ? ret : AVERROR_INVALIDDATA; > > Looks ok i will apply once we agree on the previous patch as that is on top of it thx [...]
diff --git a/libavformat/mxfdec.c b/libavformat/mxfdec.c index d7cdd22c8a..828fc0f9f1 100644 --- a/libavformat/mxfdec.c +++ b/libavformat/mxfdec.c @@ -932,6 +932,7 @@ static int mxf_read_cryptographic_context(void *arg, AVIOContext *pb, int tag, i static int mxf_read_strong_ref_array(AVIOContext *pb, UID **refs, int *count) { + int64_t ret; unsigned c = avio_rb32(pb); //avio_read() used int @@ -946,7 +947,12 @@ static int mxf_read_strong_ref_array(AVIOContext *pb, UID **refs, int *count) return AVERROR(ENOMEM); } avio_skip(pb, 4); /* useless size of objects, always 16 according to specs */ - avio_read(pb, (uint8_t *)*refs, *count * sizeof(UID)); + ret = avio_read(pb, (uint8_t *)*refs, *count * sizeof(UID)); + if (ret != *count * sizeof(UID)) { + *count = ret < 0 ? 0 : ret / sizeof(UID); + return ret < 0 ? ret : AVERROR_INVALIDDATA; + } + return 0; }
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> --- libavformat/mxfdec.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-)