From patchwork Mon Sep 23 05:19:40 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Marth64 X-Patchwork-Id: 51727 Delivered-To: ffmpegpatchwork2@gmail.com Received: by 2002:a59:d154:0:b0:48e:c0f8:d0de with SMTP id bt20csp2248309vqb; Sun, 22 Sep 2024 22:39:19 -0700 (PDT) X-Forwarded-Encrypted: i=2; AJvYcCVMC05YGevM8uXYjRnn91MfA4ibevkxcAWP15h5kT9gB1Gxv+kmYsVxXFUPTZHYBcJxrLsaimd4IUmfN1A/Ja2J@gmail.com X-Google-Smtp-Source: AGHT+IFepS08dVHDzAH1n03OqFbb2SmmdMwkK4pleZ9/xCe/5YjQUGT9le93nXb9pUWevi8rtcwp X-Received: by 2002:a05:651c:2117:b0:2ef:226e:e150 with SMTP id 38308e7fff4ca-2f7cb35b1e0mr62078301fa.32.1727069958908; Sun, 22 Sep 2024 22:39:18 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1727069958; cv=none; d=google.com; s=arc-20240605; b=TKgpyIK7ITKHunG+VFtX2dT2PPercoA19CsTnXiNMUqwlKbZcPWGjes91Kb7mlH600 olvkf6ncsAo2Qwfnh1jh5dIGOiclB2xfWS76d3TRRuJZLsevAsleLJ/+nlzOuKWYd4Vk F62gf+GcnyLTNI0PXNz/fBZpDz5MBXxg19IjjdbIBOYiakbWwfPtXdmsMSFynG3lhYKx esvSU0YXrjulSpjRflxUHy0as43aCqCvasRUnTS6+x6LbXaz5H0JrXf8nw3qEpm7fZbL +Q6Ei70uCLXf4d4N/kvd/u/Jrz2d1gyOCax2cWYr0b+ngiSUJbw7/Ig58A74U3kv4i4d gXAA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=sender:errors-to:content-transfer-encoding:cc:reply-to :list-subscribe:list-help:list-post:list-archive:list-unsubscribe :list-id:precedence:subject:mime-version:references:in-reply-to :message-id:date:to:from:dkim-signature:delivered-to; bh=hjmgp1KEPVFW+MLwdQiAEsnYCrq7GDZEQ3WULZQUEHs=; fh=PlWMzmI9LD2qGS7ipLrQl8z0iaQTLQLHzoGuXcBzpCg=; b=TNrI5iUi0/N8ZAqbXySQ+uIxxRvW6Rm2HWVflPluyf/weZVSqO+8WW+VelpHt4Q01R w1pm95HtYnjbslCdw0S8L7AbQDky6Wv1YkkLHGy8EgRBbrSjSJCYMW2l0hlybqMIgYKY AQ8Pg949y7igDtE6mXshKb+oAmTxPD3bdvhusD0iJhXfNG1eRQ53NSWHpCRRBUChjZE9 y/uhmJuJpFMrPUsYsh7Ps56vq8J1qQVOSYX0+yduSeeVBt2MvnciiDarUPRsJwPUEDdG d4i9HYX5PfmBv5WSpF0Av3BZdAEk5Pv6rEJAlqeYIUhcQWOGWf43JXqeKZtBfLYOTK26 ijgA==; dara=google.com ARC-Authentication-Results: i=1; mx.google.com; dkim=neutral (body hash did not verify) header.i=@proxyid.net header.s=google header.b="W2LGld/a"; spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org; dara=fail header.i=@gmail.com Return-Path: Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org. [79.124.17.100]) by mx.google.com with ESMTP id 38308e7fff4ca-2f79d2db35dsi59059271fa.183.2024.09.22.22.39.18; Sun, 22 Sep 2024 22:39:18 -0700 (PDT) Received-SPF: pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) client-ip=79.124.17.100; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@proxyid.net header.s=google header.b="W2LGld/a"; spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org; dara=fail header.i=@gmail.com Received: from [127.0.1.1] (localhost [127.0.0.1]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id B0FE168DC32; Mon, 23 Sep 2024 08:20:06 +0300 (EEST) X-Original-To: ffmpeg-devel@ffmpeg.org Delivered-To: ffmpeg-devel@ffmpeg.org Received: from mail-oo1-f97.google.com (mail-oo1-f97.google.com [209.85.161.97]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id 8624768D942 for ; Mon, 23 Sep 2024 08:19:52 +0300 (EEST) Received: by mail-oo1-f97.google.com with SMTP id 006d021491bc7-5de8a3f1cc6so2156342eaf.1 for ; Sun, 22 Sep 2024 22:19:52 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=proxyid.net; s=google; t=1727068791; x=1727673591; darn=ffmpeg.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=qfCVmxpVDXR/6QH2RGLWDdOBpclWmbJw9vQOvhVkIMs=; b=W2LGld/ap5jDSQL8sBhokyr2lzbgUZkltqGUnNmucWTWv7K4y3UDtkCCntsCV3Jk7y i0QHbmEK0SyUIAhBqXFAQORWskQHWFg1uNMgizWpXgCpeX0bfVyVkxQ6xGP8fOj958+H MBRKlVKPPtQneFEwejcCLOghy5e18Ug0uJ6po0r/C8XGT/9zYfyuOZqkP9xsvGTrhyyl KSSpqOpxhhkNGvU7wjYf/G12wFDzLLUiW9puBcHV8AYmBFfRCN9XC8xKNF86YG6GiHPn eL820m8VdXMMU0f2IEaSlSwXXRin+dvRvzKwNWWZP2mTn54ywvHav+fI1l1j6hQ+0uoG MqMw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1727068791; x=1727673591; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=qfCVmxpVDXR/6QH2RGLWDdOBpclWmbJw9vQOvhVkIMs=; b=o3j5K11R3ol1t8pKa9XQ+AnSr0NSb95LvG/39OWX5yBTOUcOxmrcNmV0jgO1CCrY81 AUJwJ2xfVsQElTlwlRmIvGulaudEdWvg6ww3p7Kix54zOijqeb2tXCrUKWVXc11YAF/U b98vmRbDz0apGTNaj99yHaQk+BncKE3u1qDtWfob3VMSUr5pQR4+Agg5TmT4fNogg5bi VFtRbP0F0N/qF5di6HShrgXBGNqjYuvaYzKpvYZR5yyl+bQ+Olj1GdWlfY/VLjKlGHP9 zyrWuwWI7fINJmy5ysueuOFMDL2FCc5CJBfewuxFnW8AwP26TA7GpdWgkIobZjsMOLdg NAbg== X-Gm-Message-State: AOJu0Yxo8MvSC9uz9pdFIDOkimDiY6jPv2z+PT3JZJDHN4/HulAy3weB 0vaQT+zJ7ja0H7uD6kc0PpY4f0J5rDPgINBjs4DbHIOkAZwE608DEVVSU0BO1OE6BjnjxY+lPmA 7PDYouwqT1SyOHLu4IelzW7EjZGc1BW10wUnzgQr1 X-Received: by 2002:a05:6820:808:b0:5df:83a7:9ddf with SMTP id 006d021491bc7-5e58b848b4emr5195401eaf.0.1727068791073; Sun, 22 Sep 2024 22:19:51 -0700 (PDT) Received: from localhost.localdomain (c-69-245-177-215.hsd1.il.comcast.net. [69.245.177.215]) by smtp-relay.gmail.com with ESMTPS id 006d021491bc7-5e3bc69661csm202010eaf.20.2024.09.22.22.19.50 (version=TLS1_3 cipher=TLS_CHACHA20_POLY1305_SHA256 bits=256/256); Sun, 22 Sep 2024 22:19:51 -0700 (PDT) X-Relaying-Domain: proxyid.net From: Marth64 To: ffmpeg-devel@ffmpeg.org Date: Mon, 23 Sep 2024 00:19:40 -0500 Message-Id: <20240923051941.54124-11-marth64@proxyid.net> X-Mailer: git-send-email 2.39.5 (Apple Git-154) In-Reply-To: <20240923051941.54124-1-marth64@proxyid.net> References: <20240923051941.54124-1-marth64@proxyid.net> MIME-Version: 1.0 Subject: [FFmpeg-devel] [PATCH v2 10/11] avformat/dvdvideodec: check the length of a NAV packet when reading titles X-BeenThere: ffmpeg-devel@ffmpeg.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: FFmpeg development discussions and patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: FFmpeg development discussions and patches Cc: Marth64 Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" X-TUID: NABFhs+Zn5uy Some discs present titles with bogus NAV packets. We apply this check for menus and for title MPEG blocks, but we should also apply it for NAV packets during title demuxing. Signed-off-by: Marth64 --- libavformat/dvdvideodec.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/libavformat/dvdvideodec.c b/libavformat/dvdvideodec.c index 6f947c3927..e1c335f270 100644 --- a/libavformat/dvdvideodec.c +++ b/libavformat/dvdvideodec.c @@ -740,6 +740,13 @@ static int dvdvideo_play_next_ps_block(AVFormatContext *s, DVDVideoPlaybackState return AVERROR_EOF; } + if (nav_len != DVDVIDEO_BLOCK_SIZE) { + av_log(s, AV_LOG_ERROR, "Invalid NAV packet size (expected=%d actual=%d)\n", + DVDVIDEO_BLOCK_SIZE, nav_len); + + return AVERROR_INVALIDDATA; + } + e_pci = dvdnav_get_current_nav_pci(state->dvdnav); e_dsi = dvdnav_get_current_nav_dsi(state->dvdnav);