From patchwork Mon Nov 27 04:24:14 2017
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Carl Eugen Hoyos <ceffmpeg@gmail.com>
X-Patchwork-Id: 6389
Delivered-To: ffmpegpatchwork@gmail.com
Received: by 10.2.161.94 with SMTP id m30csp1209007jah;
	Sun, 26 Nov 2017 20:24:45 -0800 (PST)
X-Google-Smtp-Source: 
 AGs4zMYzph8EEEMcc2plWzuRTAI3IvF+UyaQtd3Mtf1IqmVoYE1dpl3Kujp5zMGBZroRpk1eU1tz
X-Received: by 10.223.175.100 with SMTP id
	z91mr29107736wrc.138.1511756685880;
	Sun, 26 Nov 2017 20:24:45 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1511756685; cv=none;
	d=google.com; s=arc-20160816;
	b=HHsDn7CNgbcHvEtBGl7z5eushWz5zSPrjydTugVRHBLg2iCQKQmgTYkfn0tgoOe01Y
	GBC0VKJg2Dp71AArfD8JnG6/GUwFcgW/Hdz8tEBxysRPA5XhHYuouGTIZ8E16n4Oh+yP
	HY8xUpNOJPcxtEBj+q69MygXwH+JdEJS5xWHVNzHLt7Gtj3NTg0DOaUCuSIReK25yttC
	HYIlvmb/2RRmbnsX832H6PbvP8wXdd5bMT5ASRJUBie4aTVi4633pBfYrJ02nObQhN+d
	iV3LtcrTG14XSpdbcvXKkG3lcIWnXNanrt0QuiuSU5Eik+Yujjp0uZzzBsfRUZu2zv3m
	/zYQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
	s=arc-20160816;
	h=sender:errors-to:reply-to:list-subscribe:list-help:list-post
	:list-archive:list-unsubscribe:list-id:precedence:subject:to
	:message-id:date:from:mime-version:dkim-signature:delivered-to
	:arc-authentication-results;
	bh=buW9IHEcYdZpZCiSFps6stQ6dRsHADa5p2EmGMpKb5g=;
	b=JOc1B6HnYUGEhMIcU72ELXmHiWWjbnIHGTO915MJ9nZvOKRUDehBIMg2BeAsKaWvVE
	COFSFBA10yUINlilf+pS8AUflvyXRTzrsb1TCFdObmC35eAgyk29XuRxuwyUu3RiYlDh
	PqimzkDL4SzroaJwlxBALhPuMf5CA1ViXK12Qu2RsPi88KcuwdcdThs5txDMwiccx8hS
	9bE5NBI4K4rpoFaEf1T4k2TQR7VLh1Y3oXsJJBCQsGl4tX97z0PafVC9RFjMD6B0B2QK
	OlvyigBC/Zv9rbm+c/PlyJPSe2rIr7qqdsUMoWuPgSJ6VNG67Dsopr4KMMeZQqDa8hka
	cV+w==
ARC-Authentication-Results: i=1; mx.google.com;
	dkim=neutral (body hash did not verify) header.i=@gmail.com
	header.s=20161025 header.b=CA9b+dmn;
	spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org
	designates 79.124.17.100 as permitted sender)
	smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org;
	dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=gmail.com
Return-Path: <ffmpeg-devel-bounces@ffmpeg.org>
Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org. [79.124.17.100])
	by mx.google.com with ESMTP id
	y37si21897081wry.86.2017.11.26.20.24.45;
	Sun, 26 Nov 2017 20:24:45 -0800 (PST)
Received-SPF: pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org
	designates 79.124.17.100 as permitted sender)
	client-ip=79.124.17.100;
Authentication-Results: mx.google.com;
	dkim=neutral (body hash did not verify) header.i=@gmail.com
	header.s=20161025 header.b=CA9b+dmn;
	spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org
	designates 79.124.17.100 as permitted sender)
	smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org;
	dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=gmail.com
Received: from [127.0.1.1] (localhost [127.0.0.1])
	by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id 94C71689CE8;
	Mon, 27 Nov 2017 06:24:41 +0200 (EET)
X-Original-To: ffmpeg-devel@ffmpeg.org
Delivered-To: ffmpeg-devel@ffmpeg.org
Received: from mail-it0-f43.google.com (mail-it0-f43.google.com
	[209.85.214.43])
	by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id 0FF9A68972C
	for <ffmpeg-devel@ffmpeg.org>; Mon, 27 Nov 2017 06:24:35 +0200 (EET)
Received: by mail-it0-f43.google.com with SMTP id m191so19663499itg.2
	for <ffmpeg-devel@ffmpeg.org>; Sun, 26 Nov 2017 20:24:37 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
	h=mime-version:from:date:message-id:subject:to;
	bh=C6umSbB3+50+7PEYVL5xWn3fTXlxubT20cGR2QFQwwk=;
	b=CA9b+dmnI67KpGPY83OfXfGGu7NJMnIskwSS7PI9FlMQnHCxuSU8RwgxxgtM16c0No
	3m9VlRs3RtFMb+L6TUZdp8JnJWPmQUrohrDnlQMDnRfLB8AMchgQzF8f5LiNS4ScENnZ
	cw2qsSrhh5uuahGD2ZTaMxmp3476DJ8nM8b4E96gyf2ud76t2idqUe8TYbwrNptWs3L+
	lz+Z7Q03eWmiF4emudid3wfulObLotLB0Klwdfs0E0UoMV3wXCOmczMsNpA6ggK812JU
	JM7BjKjWIIovpEyv7xQ6r0xJ4RvUdy/JmBL0IoblVe1l+aqf4suN4ebWo6DfMW8S3vo+
	Uh0g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20161025;
	h=x-gm-message-state:mime-version:from:date:message-id:subject:to;
	bh=C6umSbB3+50+7PEYVL5xWn3fTXlxubT20cGR2QFQwwk=;
	b=pYFcoFzDKScGMlTzEniCEW1E9Bjv4pPwuzW9YFQpgxdsGocPRltxcwq5z+FDchO/l3
	no0vGzyVmvyEqtPH6ofGa54su/xGxFB4S9AwEVeNIIs7f+3//M0m6M2F/nTJd4LZetrZ
	FulS37buj9MRpEk2U3jGMU6lHfRQJYlMEaZSZNvhXyqiKc8WRCO5Dm+RQdpiQzRet5hH
	uzw30ngF/DwuhK07stIMP32feTBWs7a/zjlsVDk5v8bV/NOji5vI3EsT36X2DpEO8lYZ
	qziyYe/ujffV2+Y3osmQ7ZBdRUs9y/T9w011WRlh4IOM/vwfk8XO+JUGvmwlSfiSjps3
	jgFA==
X-Gm-Message-State: AJaThX5XgO41SzfWdVW/DKXLkiuX+aCqKZxOH2hDETsZv1KSmOlMhUx5
	oPwXFYCHs5ZUeCpicq/VxKFLTpxbvg997N8U0Ew=
X-Received: by 10.36.208.23 with SMTP id m23mr26880247itg.137.1511756675331;
	Sun, 26 Nov 2017 20:24:35 -0800 (PST)
MIME-Version: 1.0
Received: by 10.2.155.66 with HTTP; Sun, 26 Nov 2017 20:24:14 -0800 (PST)
From: Carl Eugen Hoyos <ceffmpeg@gmail.com>
Date: Mon, 27 Nov 2017 05:24:14 +0100
Message-ID: 
 <CAB0OVGqBnTSiGd6Qbwqk08Fh9HU_cNZR6QyvhTcL18kfD4JLow@mail.gmail.com>
To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
Subject: [FFmpeg-devel] [PATCH]lavf/mov: Do not blindly allocate stts entries
X-BeenThere: ffmpeg-devel@ffmpeg.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: FFmpeg development discussions and patches <ffmpeg-devel.ffmpeg.org>
List-Unsubscribe: <http://ffmpeg.org/mailman/options/ffmpeg-devel>,
	<mailto:ffmpeg-devel-request@ffmpeg.org?subject=unsubscribe>
List-Archive: <http://ffmpeg.org/pipermail/ffmpeg-devel/>
List-Post: <mailto:ffmpeg-devel@ffmpeg.org>
List-Help: <mailto:ffmpeg-devel-request@ffmpeg.org?subject=help>
List-Subscribe: <http://ffmpeg.org/mailman/listinfo/ffmpeg-devel>,
	<mailto:ffmpeg-devel-request@ffmpeg.org?subject=subscribe>
Reply-To: FFmpeg development discussions and patches
	<ffmpeg-devel@ffmpeg.org>
Errors-To: ffmpeg-devel-bounces@ffmpeg.org
Sender: "ffmpeg-devel" <ffmpeg-devel-bounces@ffmpeg.org>

Hi!

Attached patch avoids allocations >1GB for (short and) invalid mov
files with only reasonable speed impact.

Please review, Carl Eugen

From 0d243bad5fdd9850ff41d49a32a06274a3cd9756 Mon Sep 17 00:00:00 2001
From: Carl Eugen Hoyos <ceffmpeg@gmail.com>
Date: Mon, 27 Nov 2017 05:13:25 +0100
Subject: [PATCH] lavf/mov: Do not blindly allocate huge memory blocks for
 stts entries.

Fixes large allocations for short files with invalid stts entry.
Fixes bugzilla 1102.
---
 libavformat/mov.c |   16 +++++++++++++---
 1 file changed, 13 insertions(+), 3 deletions(-)

diff --git a/libavformat/mov.c b/libavformat/mov.c
index ddb1e59..9d353bf 100644
--- a/libavformat/mov.c
+++ b/libavformat/mov.c
@@ -2838,14 +2838,24 @@ static int mov_read_stts(MOVContext *c, AVIOContext *pb, MOVAtom atom)
     if (sc->stts_data)
         av_log(c->fc, AV_LOG_WARNING, "Duplicated STTS atom\n");
     av_free(sc->stts_data);
-    sc->stts_count = 0;
-    sc->stts_data = av_malloc_array(entries, sizeof(*sc->stts_data));
+    sc->stts_count = FFMIN(1024 * 1024, entries);
+    sc->stts_data = av_realloc_array(NULL, sc->stts_count, sizeof(*sc->stts_data));
     if (!sc->stts_data)
         return AVERROR(ENOMEM);
 
     for (i = 0; i < entries && !pb->eof_reached; i++) {
-        int sample_duration;
+        int sample_duration, ret;
         unsigned int sample_count;
+        if (i > sc->stts_count) {
+            ret = av_reallocp_array(&sc->stts_data,
+                                    FFMIN(sc->stts_count * 2LL, entries),
+                                    sizeof(*sc->stts_data));
+            if (ret < 0) {
+                sc->stts_count = 0;
+                return ret;
+            }
+            sc->stts_count = FFMIN(sc->stts_count * 2, entries);
+        }
 
         sample_count=avio_rb32(pb);
         sample_duration = avio_rb32(pb);
-- 
1.7.10.4