From patchwork Fri Mar 2 23:43:35 2018
X-Patchwork-Submitter: Matthew Wolenetz
X-Patchwork-Id: 7798
From: Matthew Wolenetz
Date: Fri, 2 Mar 2018 15:43:35 -0800
To: FFmpeg development discussions and patches
Subject: [FFmpeg-devel] [PATCH] ffmpeg: Initialize a potential gap in ctts_data in mov_build_index
List-Id: FFmpeg development discussions and patches
Cc: =?UTF-8?B?WGlhb2hhbiBXYW5nICjnjovmtojlr5Ip?=

From c40925a0d3ec1397cd6ed7d29bae573c5bdf1ec2 Mon Sep 17 00:00:00 2001
From: Matt Wolenetz Date: Fri, 2 Mar 2018 15:12:41 -0800 Subject: [PATCH] ffmpeg: Initialize a potential gap in ctts_data in mov_build_index mov_read_ctts ignores ctts entries having count <= 0. Generally, the aggregate of all ctts entries' count fields resulting from mov_read_ctts can be less than the corresponding sample_count. mov_build_index attempts to normalize any existing ctts_data counts to be 1, to make a 1-1 mapping of a ctts_data entry to a sample. That 1-1 mapping left a tail of uninitialized ctts_data entries when the aggregate, normalized ctts_count < sample_count. Even more generally, later usage of ctts_data may depend on the entire ctts_allocated_size having been initialized. This change memsets the entire allocation of the normalized ctts_data in mov_build_index, to prevent use of uninitialized data later. BUG=816787 Change-Id: I7fd7db255e3aeed076ee32c90cb2df211741c052 Reviewed-on: https://chromium-review.googlesource.com/947110 Reviewed-by: Xiaohan Wang --- libavformat/mov.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/libavformat/mov.c b/libavformat/mov.c index f01116874c..05dfaf340e 100644 --- a/libavformat/mov.c +++ b/libavformat/mov.c @@ -3745,6 +3745,9 @@ static void mov_build_index(MOVContext *mov, AVStream *st) av_free(ctts_data_old); return; } + + memset((uint8_t*)(sc->ctts_data), 0, sc->ctts_allocated_size); + for (i = 0; i < ctts_count_old && sc->ctts_count < sc->sample_count; i++) for (j = 0; j < ctts_data_old[i].count && -- 2.16.2.395.g2e18187dfd-goog
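Review bot: the memset added ahead of the normalization loop in mov_build_index is only as safe as sc->ctts_allocated_size is accurate, and the allocation that sets it sits above the visible context, so please confirm that the size passed here is the one recorded for the buffer sc->ctts_data now points to and not a value left over from ctts_data_old. Zeroing the whole buffer also turns the case the commit message describes (normalized ctts_count < sample_count) into a silent tail of zero-valued entries; a warning after the loop when sc->ctts_count ends below sc->sample_count would keep the malformed input visible to whoever is debugging it. Minor: the (uint8_t*) cast on sc->ctts_data is unnecessary because memset takes a void pointer, and since the change is confined to libavformat/mov.c the subject prefix "ffmpeg:" would read better as one naming that file's component.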