From patchwork Thu Sep 23 15:28:44 2021
X-Patchwork-Submitter: Andreas Rheinhardt
X-Patchwork-Id: 30502
From: Andreas Rheinhardt
To: ffmpeg-devel@ffmpeg.org
Cc: Andreas Rheinhardt
Date: Thu, 23 Sep 2021 17:28:44 +0200
Subject: [FFmpeg-devel] [PATCH 09/27] avformat/cafenc: Don't segfault upon allocation error

If an array for the packet sizes could not be successfully reallocated when writing a packet, the CAF muxer frees said array, but does not reset the number of valid bytes. As a result, when the trailer is written later, avio_write tries to read that many bytes from NULL, which segfaults.

Fix this by not freeing the array in case of error; also, postpone writing the packet data after having successfully (re)allocated the array, so that even on allocation error the file can be correctly finalized.

Also remove an unnecessary resetting of the number of size entries used at the end.

Signed-off-by: Andreas Rheinhardt
--- libavformat/cafenc.c | 23 ++++++++++------------- 1 file changed, 10 insertions(+), 13 deletions(-) diff --git a/libavformat/cafenc.c b/libavformat/cafenc.c index 622ae14264..b17d2397e9 100644 --- a/libavformat/cafenc.c +++ b/libavformat/cafenc.c
@@ -210,21 +210,18 @@ static int caf_write_packet(AVFormatContext *s, AVPacket *pkt) { CAFContext *caf = s->priv_data; - avio_write(s->pb, pkt->data, pkt->size); if (!s->streams[0]->codecpar->block_align) { - void *pkt_sizes = caf->pkt_sizes; + void *pkt_sizes; int i, alloc_size = caf->size_entries_used + 5U; - if (alloc_size < 0) { - caf->pkt_sizes = NULL; - } else { - caf->pkt_sizes = av_fast_realloc(caf->pkt_sizes, - &caf->size_buffer_size, - alloc_size); - } - if (!caf->pkt_sizes) { - av_free(pkt_sizes); + if (alloc_size < 0) + return AVERROR(ERANGE); + + pkt_sizes = av_fast_realloc(caf->pkt_sizes, + &caf->size_buffer_size, + alloc_size); + if (!pkt_sizes) return AVERROR(ENOMEM); - } + caf->pkt_sizes = pkt_sizes; for (i = 4; i > 0; i--) { unsigned top = pkt->size >> i * 7; if (top) @@ -233,6 +230,7 @@ static int caf_write_packet(AVFormatContext *s, AVPacket *pkt) caf->pkt_sizes[caf->size_entries_used++] = pkt->size & 127; caf->packets++; } + avio_write(s->pb, pkt->data, pkt->size); return 0; } @@ -263,7 +261,6 @@ static int caf_write_trailer(AVFormatContext *s) avio_wb32(pb, 0); ///< mPrimingFrames avio_wb32(pb, 0); ///< mRemainderFrames avio_write(pb, caf->pkt_sizes, caf->size_entries_used); - caf->size_buffer_size = 0; } } av_freep(&caf->pkt_sizes);
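Review bot: In the @@ -210,21 +210,18 @@ hunk, the overflow test "if (alloc_size < 0)" only works because the unsigned sum caf->size_entries_used + 5U is converted to int on assignment, and that conversion is implementation-defined for values above INT_MAX. Comparing caf->size_entries_used against INT_MAX - 5 before the addition would state the limit directly and not depend on wraparound. The error code for this case also changes from ENOMEM (the old code set caf->pkt_sizes to NULL and fell into the ENOMEM return) to ERANGE, which the commit message does not mention.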
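Review bot: In the @@ -233,6 +230,7 @@ hunk, the relocated avio_write(s->pb, pkt->data, pkt->size) has no comment saying why it must come after the pkt_sizes update. The ordering is what keeps the size table and the data written to the file in step when caf_write_packet returns early, so a one-line comment above the call would stop a later cleanup from moving it back to the top of the function.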
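Review bot: In the @@ -263,7 +261,6 @@ hunk, the removed line is caf->size_buffer_size = 0, but the commit message describes it as a reset of the number of size entries used, which is caf->size_entries_used. size_buffer_size is the allocated size handed to av_fast_realloc in caf_write_packet, so the message should name it as such. After av_freep(&caf->pkt_sizes) the context still pairs a nonzero size_entries_used with a NULL array, the same pairing the message identifies as the cause of the crash; if nothing can run after caf_write_trailer, a short comment saying so would help.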