From: Soft Works
To: "ffmpeg-devel@ffmpeg.org"
Date: Thu, 30 Sep 2021 02:58:44 +0000
Subject: [FFmpeg-devel] [PATCH v5 4/7] libavformat/asfdec: Fixing get_tag

These three are closely related and can't be separated easily:

In get_tag, the code was adding 22 bytes (in order to allow it to hold
64bit numbers as string) to the value len for creating a buffer.
This was unnecessarily imposing a size-constraint on the value_len parameter.

The code in get_tag was limiting the maximum value_len to half the size of
INT32. This was applied for all value types, even though it is required
only in case of ASF_UNICODE, not for any other ones (like ASCII).

get_tag was always allocating a buffer regardless of the datatype, even though
this isn't required in case of ASF_BYTE_ARRAY.

The check for the return value from ff_asf_handle_byte_array() being >0 is
removed here because the log message is emitted by the function itself now.

Signed-off-by: softworkz
---
v5: Split into pieces as requested

 libavformat/asfdec_f.c | 50 ++++++++++++++++++++++++++++++++----------
 1 file changed, 38 insertions(+), 12 deletions(-)

diff --git a/libavformat/asfdec_f.c b/libavformat/asfdec_f.c index d017fae019..d35eec7082 100644 --- a/libavformat/asfdec_f.c +++ b/libavformat/asfdec_f.c
@@ -221,37 +221,63 @@ static uint64_t get_value(AVIOContext *pb, int type, int type2_size) static void get_tag(AVFormatContext *s, const char *key, int type, uint32_t len, int type2_size) { ASFContext *asf = s->priv_data; - char *value = NULL; int64_t off = avio_tell(s->pb); -#define LEN 22 - - av_assert0((unsigned)len < (INT_MAX - LEN) / 2); + char *value = NULL; + uint64_t required_bufferlen; + int buffer_len; if (!asf->export_xmp && !strncmp(key, "xmp", 3)) goto finish; - value = av_malloc(2 * len + LEN); + switch (type) { + case ASF_UNICODE: + required_bufferlen = (uint64_t)len * 2 + 1; + break; + case -1: // ASCII + required_bufferlen = (uint64_t)len + 1; + break; + case ASF_BYTE_ARRAY: + ff_asf_handle_byte_array(s, key, len); + goto finish; + case ASF_BOOL: + case ASF_DWORD: + case ASF_QWORD: + case ASF_WORD: + required_bufferlen = 22; + break; + case ASF_GUID: + required_bufferlen = 33; + break; + default: + required_bufferlen = len; + break; + } + + if (required_bufferlen > INT32_MAX) { + av_log(s, AV_LOG_VERBOSE, "Unable to handle values > INT32_MAX in tag %s.\n", key); + goto finish; + } + + buffer_len = (int)required_bufferlen; + + value = av_malloc(buffer_len); if (!value) goto finish; switch (type) { case ASF_UNICODE: - avio_get_str16le(s->pb, len, value, 2 * len + 1); + avio_get_str16le(s->pb, len, value, buffer_len); break; - case -1: // ASCI + case -1: // ASCII avio_read(s->pb, value, len); value[len]=0; break; - case ASF_BYTE_ARRAY: - if (ff_asf_handle_byte_array(s, key, len) > 0) - av_log(s, AV_LOG_VERBOSE, "Unsupported byte array in tag %s.\n", key); - goto finish; case ASF_BOOL: case ASF_DWORD: case ASF_QWORD: case ASF_WORD: { uint64_t num = get_value(s->pb, type, type2_size); - snprintf(value, LEN, "%"PRIu64, num); + snprintf(value, buffer_len, "%"PRIu64, num); break; } case ASF_GUID:
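
Review bot: In the first switch, the ASF_BYTE_ARRAY case calls ff_asf_handle_byte_array(s, key, len) and jumps to finish before the new required_bufferlen > INT32_MAX check runs, and the removed av_assert0 was the only bound on len at this point, so a byte-array tag now reaches that function with whatever uint32_t length the file supplies. Please confirm that the function validates the length itself, or bound len here before the call. Two smaller points on the same hunk: buffer_len is an int, so comparing against INT_MAX would match the destination type better than INT32_MAX; and the sizes 22 and 33 are now bare literals where the named LEN macro used to be, so a short comment on what each one accounts for (or named constants) would help keep the sizing switch and the reading switch in sync. In the ASCII case the return value of avio_read(s->pb, value, len) is still ignored, so after a short read the buffer holds uninitialised bytes up to the terminator written at value[len]; checking the return value and terminating at the number of bytes actually read would close that.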