From patchwork Wed Oct 6 06:00:57 2021
X-Patchwork-Submitter: Soft Works
X-Patchwork-Id: 30930
From: Soft Works
To: "ffmpeg-devel@ffmpeg.org"
Date: Wed, 6 Oct 2021 06:00:57 +0000
Subject: [FFmpeg-devel] [PATCH v6 04/11] libavformat/asfdec: Fixing get_tag

These three are closely related and can't be separated easily:

In get_tag, the code was adding 22 bytes (in order to allow it to hold 64bit numbers as string) to the value len for creating a buffer. This was unnecessarily imposing a size-constraint on the value_len parameter.

The code in get_tag was limiting the maximum value_len to half the size of INT32. This was applied for all value types, even though it is required only in case of ASF_UNICODE, not for any other ones (like ASCII).

get_tag was always allocating a buffer regardless of the datatype, even though this isn't required in case of ASF_BYTE_ARRAY.

The check for the return value from ff_asf_handle_byte_array() being >0 is removed here because the log message is emitted by the function itself now.

Signed-off-by: softworkz
--- libavformat/asfdec_f.c | 54 +++++++++++++++++++++++++++++++----------- 1 file changed, 40 insertions(+), 14 deletions(-) diff --git a/libavformat/asfdec_f.c b/libavformat/asfdec_f.c index 29b429fee9..58c424b565 100644 --- a/libavformat/asfdec_f.c +++ b/libavformat/asfdec_f.c
@@ -221,37 +221,63 @@ static uint64_t get_value(AVIOContext *pb, int type, int type2_size) static void get_tag(AVFormatContext *s, const char *key, int type, uint32_t len, int type2_size) { ASFContext *asf = s->priv_data; - char *value = NULL; int64_t off = avio_tell(s->pb); -#define LEN 22 - - av_assert0((unsigned)len < (INT_MAX - LEN) / 2); + char *value = NULL; + uint64_t required_bufferlen; + int buffer_len; if (!asf->export_xmp && !strncmp(key, "xmp", 3)) goto finish; - value = av_malloc(2 * len + LEN); + switch (type) { + case ASF_UNICODE: + required_bufferlen = (uint64_t)len * 2 + 1; + break; + case -1: // ASCII + required_bufferlen = (uint64_t)len + 1; + break; + case ASF_BYTE_ARRAY: + ff_asf_handle_byte_array(s, key, len); + goto finish; + case ASF_BOOL: + case ASF_DWORD: + case ASF_QWORD: + case ASF_WORD: + required_bufferlen = 22; + break; + case ASF_GUID: + required_bufferlen = 33; + break; + default: + required_bufferlen = len; + break; + } + + if (required_bufferlen > INT32_MAX) { + av_log(s, AV_LOG_VERBOSE, "Unable to handle values > INT32_MAX in tag %s.\n", key); + goto finish; + } + + buffer_len = (int)required_bufferlen; + + value = av_malloc(buffer_len); if (!value) goto finish; switch (type) { case ASF_UNICODE: - avio_get_str16le(s->pb, len, value, 2 * len + 1); + avio_get_str16le(s->pb, len, value, buffer_len); break; - case -1: // ASCI - avio_read(s->pb, value, len); - value[len]=0; + case -1: // ASCII + avio_read(s->pb, value, buffer_len - 1); + value[buffer_len - 1] = 0; break; - case ASF_BYTE_ARRAY: - if (ff_asf_handle_byte_array(s, key, len) > 0) - av_log(s, AV_LOG_VERBOSE, "Unsupported byte array in tag %s.\n", key); - goto finish; case ASF_BOOL: case ASF_DWORD: case ASF_QWORD: case ASF_WORD: { uint64_t num = get_value(s->pb, type, type2_size); - snprintf(value, LEN, "%"PRIu64, num); + snprintf(value, buffer_len, "%"PRIu64, num); break; } case ASF_GUID:
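Review bot: In the `case -1: // ASCII` branch of the second switch, the return value of `avio_read(s->pb, value, buffer_len - 1)` is still ignored, and with the `av_assert0` bound removed, a `len` taken from the file can now drive `buffer_len` up to INT32_MAX. On a short or failed read only part of the `av_malloc` buffer (which is not zeroed) is written, yet `value[buffer_len - 1] = 0` terminates at the full requested length, so whatever consumes `value` after the switch (not visible in this hunk) would read uninitialized heap bytes as tag text. Suggest capturing the return value, going to `finish` when it is negative, and writing the terminator at the number of bytes actually read. Two smaller points: the ASF_BYTE_ARRAY case now passes `len` to `ff_asf_handle_byte_array()` with no upper bound and drops its result, so that function has to validate `len` on its own and this should be confirmed against its definition; and the literals 22 and 33 replace the removed `LEN` macro without a name or comment (the commit message explains 22 as room for a 64-bit number as a string, nothing visible explains 33), so named constants would make the sizing checkable against the `snprintf` calls that use `buffer_len`.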