diff mbox

[FFmpeg-devel] avformat/mov: fix return code for trun box with no sample entries

Message ID dc565e94-98ef-a505-430f-e41802cd3e19@gyani.pro
State New
Headers show

Commit Message

Gyan Doshi July 20, 2019, 6:32 p.m. UTC
Affected files can now be demuxed. Verified with John Stebbins. FATE passes.

Gyan
From 48175cd745f8abd0546487907c4596550e3c73bf Mon Sep 17 00:00:00 2001
From: Gyan Doshi <ffmpeg@gyani.pro>
Date: Sat, 20 Jul 2019 23:44:14 +0530
Subject: [PATCH] avformat/mov: fix return code for trun box with no sample
 entries

A value of zero for sample_count in trun box is not
prohibited by 14496-12 section 8.8.8. 4a9d32baca
disallowed this which led the demuxer to error out
when reading the header of valid files.
---
 libavformat/mov.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

Comments

Paul B Mahol July 21, 2019, 8:51 a.m. UTC | #1
On 7/20/19, Gyan <ffmpeg@gyani.pro> wrote:
>
> Affected files can now be demuxed. Verified with John Stebbins. FATE
> passes.
>
> Gyan
>

You removed negative check, so not ok.
Gyan Doshi July 21, 2019, 9:50 a.m. UTC | #2
On 21-07-2019 02:21 PM, Paul B Mahol wrote:
> On 7/20/19, Gyan <ffmpeg@gyani.pro> wrote:
>> Affected files can now be demuxed. Verified with John Stebbins. FATE
>> passes.
>>
>> Gyan
>>
> You removed negative check, so not ok.

entries is unsigned (in the code as well as in the standard). So the 
value read from file will be >= 0. Even after adjustment for index size 
overflow, it cannot become negative.

Gyan
Paul B Mahol July 22, 2019, 7:20 a.m. UTC | #3
On 7/21/19, Gyan <ffmpeg@gyani.pro> wrote:
>
>
> On 21-07-2019 02:21 PM, Paul B Mahol wrote:
>> On 7/20/19, Gyan <ffmpeg@gyani.pro> wrote:
>>> Affected files can now be demuxed. Verified with John Stebbins. FATE
>>> passes.
>>>
>>> Gyan
>>>
>> You removed negative check, so not ok.
>
> entries is unsigned (in the code as well as in the standard). So the
> value read from file will be >= 0. Even after adjustment for index size
> overflow, it cannot become negative.

OK then

>
> Gyan
> _______________________________________________
> ffmpeg-devel mailing list
> ffmpeg-devel@ffmpeg.org
> https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
>
> To unsubscribe, visit link above, or email
> ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".
Gyan Doshi July 22, 2019, 5:18 p.m. UTC | #4
On 22-07-2019 12:50 PM, Paul B Mahol wrote:
> On 7/21/19, Gyan <ffmpeg@gyani.pro> wrote:
>>
>> On 21-07-2019 02:21 PM, Paul B Mahol wrote:
>>> On 7/20/19, Gyan <ffmpeg@gyani.pro> wrote:
>>>> Affected files can now be demuxed. Verified with John Stebbins. FATE
>>>> passes.
>>>>
>>>> Gyan
>>>>
>>> You removed negative check, so not ok.
>> entries is unsigned (in the code as well as in the standard). So the
>> value read from file will be >= 0. Even after adjustment for index size
>> overflow, it cannot become negative.
> OK then
Pushed as d51d71c1e3a6a225a5bc8f35963b50331e479b1a after moving check to 
after overflow check.

Thanks,
Gyan
diff mbox

Patch

diff --git a/libavformat/mov.c b/libavformat/mov.c
index 327a25bbdf..ea26d78d91 100644
--- a/libavformat/mov.c
+++ b/libavformat/mov.c
@@ -4776,13 +4776,14 @@  static int mov_read_trun(MOVContext *c, AVIOContext *pb, MOVAtom atom)
     distance = 0;
     av_log(c->fc, AV_LOG_TRACE, "first sample flags 0x%x\n", first_sample_flags);
 
+    if (entries == 0)
+        return 0;
+
     // realloc space for new index entries
     if((uint64_t)st->nb_index_entries + entries >= UINT_MAX / sizeof(AVIndexEntry)) {
         entries = UINT_MAX / sizeof(AVIndexEntry) - st->nb_index_entries;
         av_log(c->fc, AV_LOG_ERROR, "Failed to add index entry\n");
     }
-    if (entries <= 0)
-        return -1;
 
     requested_size = (st->nb_index_entries + entries) * sizeof(AVIndexEntry);
     new_entries = av_fast_realloc(st->index_entries,