From patchwork Thu Apr 1 21:26:07 2021
X-Patchwork-Submitter: Andreas Rheinhardt
X-Patchwork-Id: 26694
From: Andreas Rheinhardt
To: ffmpeg-devel@ffmpeg.org
Date: Thu, 1 Apr 2021 23:26:07 +0200
X-Microsoft-Original-Message-ID: <20210401212612.2343423-1-andreas.rheinhardt@outlook.com>
Subject: [FFmpeg-devel] [PATCH 2/7] avformat/dss: Don't prematurely modify context variable
List-Id: FFmpeg development discussions and patches

The DSS demuxer currently decrements a counter that should be positive at the beginning of read_packet; should it become negative, it means that the data to be read can't be read contiguously, but has to be read in two parts.
In this case the counter is incremented again after the first read if said read succeeded; if not, the counter stays negative. This can lead to problems in further read_packet calls; in tickets #9020 and #9023 it led to segfaults if one tries to seek lateron if the seek failed and generic seek tried to read from the beginning. But it could also happen when av_new_packet() failed and the user attempted to read again afterwards. Signed-off-by: Andreas Rheinhardt --- libavformat/dss.c | 37 +++++++++++++++++-------------------- 1 file changed, 17 insertions(+), 20 deletions(-) diff --git a/libavformat/dss.c b/libavformat/dss.c index 0585049130..468de3fe84 100644 --- a/libavformat/dss.c +++ b/libavformat/dss.c @@ -219,7 +219,6 @@ static int dss_sp_read_packet(AVFormatContext *s, AVPacket *pkt) } else read_size = DSS_FRAME_SIZE; - ctx->counter -= read_size; ctx->packet_size = DSS_FRAME_SIZE - 1; ret = av_new_packet(pkt, DSS_FRAME_SIZE); @@ -231,17 +230,16 @@ static int dss_sp_read_packet(AVFormatContext *s, AVPacket *pkt) pkt->stream_index = 0; s->bit_rate = 8LL * ctx->packet_size * st->codecpar->sample_rate * 512 / (506 * pkt->duration); - if (ctx->counter < 0) { - int size2 = ctx->counter + read_size; - - ret = avio_read(s->pb, ctx->dss_sp_buf + offset + buff_offset, - size2 - offset); - if (ret < size2 - offset) + if (ctx->counter < read_size) { + ret = avio_read(s->pb, ctx->dss_sp_buf + buff_offset, + ctx->counter); + if (ret < ctx->counter) goto error_eof; + offset = ctx->counter; dss_skip_audio_header(s, pkt); - offset = size2; } + ctx->counter -= read_size; ret = avio_read(s->pb, ctx->dss_sp_buf + offset + buff_offset, read_size - offset); @@ -278,7 +276,7 @@ static int dss_723_1_read_packet(AVFormatContext *s, AVPacket *pkt) size = frame_size[byte & 3]; ctx->packet_size = size; - ctx->counter -= size; + ctx->counter--; ret = av_new_packet(pkt, size); if (ret < 0) 
@@ -288,27 +286,26 @@ static int dss_723_1_read_packet(AVFormatContext *s, AVPacket *pkt) pkt->data[0] = byte; offset = 1; pkt->duration = 240; - s->bit_rate = 8LL * size * st->codecpar->sample_rate * 512 / (506 * pkt->duration); + s->bit_rate = 8LL * size-- * st->codecpar->sample_rate * 512 / (506 * pkt->duration); pkt->stream_index = 0; - if (ctx->counter < 0) { - int size2 = ctx->counter + size; - + if (ctx->counter < size) { ret = avio_read(s->pb, pkt->data + offset, - size2 - offset); - if (ret < size2 - offset) { + ctx->counter); + if (ret < ctx->counter) return ret < 0 ? ret : AVERROR_EOF; - } + offset += ctx->counter; + size -= ctx->counter; + ctx->counter = 0; dss_skip_audio_header(s, pkt); - offset = size2; } + ctx->counter -= size; - ret = avio_read(s->pb, pkt->data + offset, size - offset); - if (ret < size - offset) { + ret = avio_read(s->pb, pkt->data + offset, size); + if (ret < size) return ret < 0 ? ret : AVERROR_EOF; - } return pkt->size; }
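
Review bot: in the dss_sp_read_packet hunk at @@ -231, ctx->counter is passed directly to avio_read() as the read length and then copied into offset, and the branch "if (ctx->counter < read_size)" is also taken when the counter is negative. Nothing in the visible lines enforces the invariant the commit message relies on (the counter being positive on entry), so an explicit check before the first avio_read(), for example returning AVERROR_INVALIDDATA or asserting with av_assert0(), would turn a stale counter into an error instead of a bad length and buffer offset. Separately, "ctx->counter -= read_size;" is still applied before the second avio_read(); if that read is short the function leaves via error_eof with the counter already reduced, so the commit message or a comment should say why that state is safe for a later read_packet call.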
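
Review bot: in the dss_723_1_read_packet hunk at @@ -278, "ctx->counter--;" still modifies the context before av_new_packet() can fail, which reads as contradicting the patch title unless the reader works out that it accounts for the single byte already held in "byte" (stored later as pkt->data[0] with offset = 1). A one-line comment at the decrement stating that it covers the already-consumed byte would make it clear why this change to the counter is not premature.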
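
Review bot: in the dss_723_1_read_packet hunk at @@ -288, the post-decrement in "8LL * size-- * st->codecpar->sample_rate * 512 / (506 * pkt->duration)" hides a state change inside the bit-rate computation: every later use of size (the "ctx->counter < size" test, "size -= ctx->counter", the final avio_read() length) depends on it now meaning the payload without the first byte. Computing the bit rate with the full size and then writing "size--;" as its own statement, with a short comment that the first byte is already in pkt->data[0], would keep the arithmetic identical and make the changed meaning of size visible to the next reader.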