From patchwork Tue Oct 1 12:51:53 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: James Almer X-Patchwork-Id: 51972 Delivered-To: ffmpegpatchwork2@gmail.com Received: by 2002:a59:cb8a:0:b0:48e:c0f8:d0de with SMTP id d10csp283563vqv; Tue, 1 Oct 2024 06:41:13 -0700 (PDT) X-Forwarded-Encrypted: i=2; AJvYcCWh2YRZ3OO8pWqgsqnpctj8IwMLLz1Sxx0EAVY8dJxMdQTOUoJmSVw7bk+jvEf9SUME8pdAsXJgbRXIjPk8k7Lf@gmail.com X-Google-Smtp-Source: AGHT+IFat7ZUlzG5MVnHL059nWmcKZ/ML5B7SpJk+A5myhzmYACHsCLuWVXgoWtIVBD49ug6UJRX X-Received: by 2002:ac2:4f01:0:b0:533:71f:3a3d with SMTP id 2adb3069b0e04-5389fc4690amr12272010e87.24.1727790073573; Tue, 01 Oct 2024 06:41:13 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1727790073; cv=none; d=google.com; s=arc-20240605; b=Zn0s9EBR/zI12SPRMfrlEI8ZUMszcItIFHL+k5UhQOvVAdNQ7OeUAGBo1z/E1ZC2Un TRd1PmgpbDzOWo0X9pJJxTYCcj+NjPDQxeNjTIhc3zdPMGItaSb6DPhwdFwpa2F8iH5g eqlY7bGyiHhUGmYO/W8vjMCXB9PA8hI2PyyZn2AMGQJh1g4Fq8/4YxSBptQUmE/T1roo 6Pxq7b2FW7jnuO9I7yAm5pVDj95a/7EfXr9nsJO6ueYZxk8fVx3UhBCYa3fWwNBl7IaV u4WQKm+BCDMXnfBlPBH+zXy4jzI7zSiyDFDDPjr6JpPVlB/tpCToe2HCEZFufGO8M+tC ICHA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=sender:errors-to:content-transfer-encoding:reply-to:list-subscribe :list-help:list-post:list-archive:list-unsubscribe:list-id :precedence:subject:mime-version:references:in-reply-to:message-id :date:to:from:dkim-signature:delivered-to; bh=nVthc+QW3XNrON/y89/WpWitUJgNT2VdMO/tFNRGAuk=; fh=YOA8vD9MJZuwZ71F/05pj6KdCjf6jQRmzLS+CATXUQk=; b=JUrMY18cQ/MqCCFQMhURhUwfwJAxKG/C+95M3yRPLBhbWiDANYkaufo96tWLc9+xky rWjD92vyFIbM3Xlax0rIoGuGjQVdm6TqK8N/MVAurra2KecY03kWQczF9lEh0H3+h+BH f/3UgsP5jk00Ef7y3T8611PAY2A/9Gqf9xaCLNfTV2A2G26yLgJ5veFNqJUikuU4nq+6 3dyhg8BEY5Je1aw+xGxi5KCmozlHDYgOq2ZSbIoq56mT1rRlF9ENEZ1jPB5g7NUFkkaG wGuCjrBDuQbIdCRuvGSHBzsDFfR3U7ruOBBOQbqjKfXr9TsLPdkCYPW+hm/zBjljcNJ0 L9MA==; dara=google.com ARC-Authentication-Results: i=1; mx.google.com; dkim=neutral (body hash did not verify) header.i=@gmail.com header.s=20230601 header.b=ZdybwiWq; spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org; dmarc=fail (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com; dara=fail header.i=@gmail.com Return-Path: Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org. [79.124.17.100]) by mx.google.com with ESMTP id a640c23a62f3a-a93c2aade13si724008566b.1050.2024.10.01.06.41.13; Tue, 01 Oct 2024 06:41:13 -0700 (PDT) Received-SPF: pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) client-ip=79.124.17.100; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@gmail.com header.s=20230601 header.b=ZdybwiWq; spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org; dmarc=fail (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com; dara=fail header.i=@gmail.com Received: from [127.0.1.1] (localhost [127.0.0.1]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id C95B668D2F7; Tue, 1 Oct 2024 15:51:31 +0300 (EEST) X-Original-To: ffmpeg-devel@ffmpeg.org Delivered-To: ffmpeg-devel@ffmpeg.org Received: from mail-pl1-f174.google.com (mail-pl1-f174.google.com [209.85.214.174]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id 388B468D1EA for ; Tue, 1 Oct 2024 15:51:25 +0300 (EEST) Received: by mail-pl1-f174.google.com with SMTP id d9443c01a7336-20b7259be6fso26370655ad.0 for ; Tue, 01 Oct 2024 05:51:25 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1727787083; x=1728391883; darn=ffmpeg.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=2QPoZ+vtWVdy8l1ar02NAqAK2naCVxYS0GK/Jvd/AI4=; b=ZdybwiWqoh6CicadCiY9O+r+odL5RUZPyavvX8mEBEU+umzyQcbbQ1RRu/xL8/URgK wbZns4hsFwO0SPIrhxwjHVNhnkB3T2LrMaTeEHc2AV3DNGlHEyOgJEwwebvxLo28W4c0 ZXlGUPneHTvDI9uqGCGqNQjta6JCTigFf2ZkLykOk0fjOQEhpGTgJ3gKl8ZTiGVxidIO 1sUmc13VLFsQSUTZtdAFNYwS4YMvGySDLgEfoUnk21zPlaxIHqJaks0CFrFBoHE7b+p2 jA1VF5K0hBRHjEOQRNkH4Ird69Cq5Xpf+mS3NjVv1jPLsd+pZkLbI5YECVgDMZJddWZl Mm2g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1727787083; x=1728391883; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=2QPoZ+vtWVdy8l1ar02NAqAK2naCVxYS0GK/Jvd/AI4=; b=gSZXaq4W1ftvQE8U71xj6+7Ybb/cDbDLM6ZiMLU+hpQLqA4DsPpPVfhgDQBCEZ1+27 wfH24MofS3bmx2YRSYElFmrZh32rnuKcMr52t2EPVtIUjyZEagfu9t1or0smommCIjxv FtJBG5xSTakaOj0GpoNKP253CQvTHARxo/y9+GQiQCis6LNVn4+u0m4Hp3wLCg/quScS D+8OpN7JrxH9cawo63vu9SrmzekViKsjMTDBBaCRlqlhoxAUG1DSJpnQDDD7/Z2QjZng azD3bptwtEegP/ef9JRdwV7ye9J6VNd+nabm2ZnEIVf4XTfhRqnL0+Aj8mBoIbw7jVQe n0gg== X-Gm-Message-State: AOJu0YzjqQVS30JazXVJm+LwYLCZqU71ufPYXolqpXXLHn3XZi/MwVBi e8mdCNS4dCc4MHrWZXJtUZ6UGrRFHTzFnExud9pKvCjTDj+u7gerWJCxKA== X-Received: by 2002:a17:902:e805:b0:20b:9680:d5b8 with SMTP id d9443c01a7336-20b9680d851mr73995305ad.3.1727787082797; Tue, 01 Oct 2024 05:51:22 -0700 (PDT) Received: from localhost.localdomain ([181.92.233.116]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-20b37e539ccsm69492905ad.255.2024.10.01.05.51.21 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 01 Oct 2024 05:51:22 -0700 (PDT) From: James Almer To: ffmpeg-devel@ffmpeg.org Date: Tue, 1 Oct 2024 09:51:53 -0300 Message-ID: <20241001125154.714-1-jamrial@gmail.com> X-Mailer: git-send-email 2.46.1 In-Reply-To: <20240930174119.6426-1-jamrial@gmail.com> References: <20240930174119.6426-1-jamrial@gmail.com> MIME-Version: 1.0 Subject: [FFmpeg-devel] [PATCH 5/6] avformat/mov: don't abort on invalid clap box data X-BeenThere: ffmpeg-devel@ffmpeg.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: FFmpeg development discussions and patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: FFmpeg development discussions and patches Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" X-TUID: HGBxjT6ZJfkD Unless explode is requested. Signed-off-by: James Almer --- libavformat/mov.c | 37 ++++++++++++++++++++++++++----------- 1 file changed, 26 insertions(+), 11 deletions(-) diff --git a/libavformat/mov.c b/libavformat/mov.c index 43444477e7..bec834023c 100644 --- a/libavformat/mov.c +++ b/libavformat/mov.c @@ -1236,7 +1236,7 @@ static int mov_read_clap(MOVContext *c, AVIOContext *pb, MOVAtom atom) AVStream *st; HEIFItem *item; AVPacketSideData *sd; - int width, height; + int width, height, err = 0; AVRational aperture_width, aperture_height, horiz_off, vert_off; AVRational pc_x, pc_y; uint64_t top, bottom, left, right; @@ -1252,8 +1252,10 @@ static int mov_read_clap(MOVContext *c, AVIOContext *pb, MOVAtom atom) width = item->width; height = item->height; } - if (!width || !height) - return AVERROR_INVALIDDATA; + if (!width || !height) { + err = AVERROR_INVALIDDATA; + goto fail; + } aperture_width.num = avio_rb32(pb); aperture_width.den = avio_rb32(pb); @@ -1267,9 +1269,10 @@ static int mov_read_clap(MOVContext *c, AVIOContext *pb, MOVAtom atom) if (aperture_width.num < 0 || aperture_width.den < 0 || aperture_height.num < 0 || aperture_height.den < 0 || - horiz_off.den < 0 || vert_off.den < 0) - return AVERROR_INVALIDDATA; - + horiz_off.den < 0 || vert_off.den < 0) { + err = AVERROR_INVALIDDATA; + goto fail; + } av_log(c->fc, AV_LOG_TRACE, "clap: apertureWidth %d/%d, apertureHeight %d/%d " "horizOff %d/%d vertOff %d/%d\n", aperture_width.num, aperture_width.den, aperture_height.num, aperture_height.den, @@ -1291,8 +1294,10 @@ static int mov_read_clap(MOVContext *c, AVIOContext *pb, MOVAtom atom) bottom = av_q2d(av_add_q(pc_y, aperture_height)); if (bottom > (height - 1) || - right > (width - 1)) - return AVERROR_INVALIDDATA; + right > (width - 1)) { + err = AVERROR_INVALIDDATA; + goto fail; + } bottom = height - 1 - bottom; right = width - 1 - right; @@ -1301,8 +1306,10 @@ static int mov_read_clap(MOVContext *c, AVIOContext *pb, MOVAtom atom) return 0; if ((left + right) >= width || - (top + bottom) >= height) - return AVERROR_INVALIDDATA; + (top + bottom) >= height) { + err = AVERROR_INVALIDDATA; + goto fail; + } sd = av_packet_side_data_new(&st->codecpar->coded_side_data, &st->codecpar->nb_coded_side_data, @@ -1316,7 +1323,15 @@ static int mov_read_clap(MOVContext *c, AVIOContext *pb, MOVAtom atom) AV_WL32A(sd->data + 8, left); AV_WL32A(sd->data + 12, right); - return 0; +fail: + if (err < 0) { + int explode = !!(c->fc->error_recognition & AV_EF_EXPLODE); + av_log(c->fc, explode ? AV_LOG_ERROR : AV_LOG_WARNING, "Invalid clap box\n"); + if (!explode) + err = 0; + } + + return err; } /* This atom overrides any previously set aspect ratio */