diff mbox series

[FFmpeg-devel,v3,01/11] libavformat/asf: fix handling of byte array length values

Message ID b5c56bf5d0556458f1eb23af5cee268ff6a95311.1651978882.git.ffmpegagent@gmail.com
State New
Headers show
Series libavformat/asf: fix handling of byte array length values | expand


Context Check Description
yinshiyou/make_loongarch64 success Make finished
yinshiyou/make_fate_loongarch64 success Make fate finished
andriy/make_x86 success Make finished
andriy/make_fate_x86 success Make fate finished

Commit Message

Aman Karmani May 8, 2022, 3:01 a.m. UTC
From: softworkz <softworkz@hotmail.com>

The spec allows attachment sizes of up to UINT32_MAX while
we can handle only sizes up to INT32_MAX (in downstream

The debug.assert in get_tag didn't really address this,
and truncating the value_len in calling methods cannot
be used because the length value is required in order to
continue parsing. This adds a check with log message in
ff_asf_handle_byte_array to handle those (rare) cases.

Signed-off-by: softworkz <softworkz@hotmail.com>
 libavformat/asf.c | 8 +++++++-
 libavformat/asf.h | 2 +-
 2 files changed, 8 insertions(+), 2 deletions(-)
diff mbox series


diff --git a/libavformat/asf.c b/libavformat/asf.c
index 1ac8b5f078..650f55ac3d 100644
--- a/libavformat/asf.c
+++ b/libavformat/asf.c
@@ -267,12 +267,18 @@  static int get_id3_tag(AVFormatContext *s, int len)
 int ff_asf_handle_byte_array(AVFormatContext *s, const char *name,
-                             int val_len)
+                             uint32_t val_len)
+    if (val_len > INT32_MAX) {
+        av_log(s, AV_LOG_VERBOSE, "Unable to handle byte arrays > INT32_MAX  in tag %s.\n", name);
+        return 1;
+    }
     if (!strcmp(name, "WM/Picture")) // handle cover art
         return asf_read_picture(s, val_len);
     else if (!strcmp(name, "ID3")) // handle ID3 tag
         return get_id3_tag(s, val_len);
+    av_log(s, AV_LOG_DEBUG, "Unsupported byte array in tag %s.\n", name);
     return 1;
diff --git a/libavformat/asf.h b/libavformat/asf.h
index 01cc4f7a46..4d28560f56 100644
--- a/libavformat/asf.h
+++ b/libavformat/asf.h
@@ -111,7 +111,7 @@  extern const AVMetadataConv ff_asf_metadata_conv[];
  *         is unsupported by this function and 0 otherwise.
 int ff_asf_handle_byte_array(AVFormatContext *s, const char *name,
-                             int val_len);
+                             uint32_t val_len);