From patchwork Sun Dec 4 23:50:02 2022
X-Patchwork-Submitter: Marton Balint
X-Patchwork-Id: 39594
From: Marton Balint
To: ffmpeg-devel@ffmpeg.org
Date: Mon, 5 Dec 2022 00:50:02 +0100
Message-Id: <20221204235002.26754-2-cus@passwd.hu>
In-Reply-To: <20221204235002.26754-1-cus@passwd.hu>
References: <20221204235002.26754-1-cus@passwd.hu>
Subject: [FFmpeg-devel] [PATCH 2/2] avformat/mov: re-allow zero sample sizes if that is not the default

Patch 03d81a044ad587ea83567f75dc36bc3d64278199 disallowed zero sample sizes, but there are some files in the wild which have zero sized samples (e.g. no audio in some part of a live recording). Fix this by only disallowing zero sized samples if the size is coming from the default sample size and not from the trun box. This approach fixes the original timeout issue from fuzzed files differently.

Signed-off-by: Marton Balint
--- libavformat/mov.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/libavformat/mov.c b/libavformat/mov.c index 935b2f8d9f..9d3a2ab830 100644 --- a/libavformat/mov.c +++ b/libavformat/mov.c @@ -5230,6 +5230,9 @@ static int mov_read_trun(MOVContext *c, AVIOContext *pb, MOVAtom atom) if (index_entry_pos > 0) prev_dts = sti->index_entries[index_entry_pos-1].timestamp; + if (entries && !frag->size && !(flags & MOV_TRUN_SAMPLE_SIZE)) + return AVERROR_INVALIDDATA; + for (i = 0; i < entries && !pb->eof_reached; i++) { unsigned sample_size = frag->size; int sample_flags = i ? frag->flags : first_sample_flags; 
@@ -5293,8 +5296,6 @@ static int mov_read_trun(MOVContext *c, AVIOContext *pb, MOVAtom atom) distance++; if (av_sat_add64(dts, sample_duration) != dts + (uint64_t)sample_duration) return AVERROR_INVALIDDATA; - if (!sample_size) - return AVERROR_INVALIDDATA; dts += sample_duration; offset += sample_size; sc->data_size += sample_size;
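Review bot: In the first hunk (@@ -5230), the new early return `if (entries && !frag->size && !(flags & MOV_TRUN_SAMPLE_SIZE))` carries no comment, so nothing in the code says why a zero default size is rejected while a zero per-sample size is allowed. A short comment above it naming the reason (the timeout on fuzzed files that 03d81a044ad587ea83567f75dc36bc3d64278199 addressed) would keep a later cleanup from dropping it. The condition depends only on entries, frag->size and flags, so it could also run as soon as those three are known rather than directly before the loop, which avoids returning an error after any per-fragment setup done above this context.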
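Review bot: In the second hunk (@@ -5293), removing `if (!sample_size) return AVERROR_INVALIDDATA;` from the loop body means a zero size read per sample is now accepted on every iteration, and the commit message only says the timeout is fixed "differently" without giving the argument. If the reasoning is that the loop condition `i < entries && !pb->eof_reached` bounds the iteration count once each entry's size has to be read from the input, please state that in the commit message or in a comment. A regression sample with zero-sized samples in a trun box, as described in the commit message, would also be worth adding so that both the rejected and the accepted case are covered.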