From patchwork Sat May 2 06:33:25 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: rcombs X-Patchwork-Id: 19424 Return-Path: X-Original-To: patchwork@ffaux-bg.ffmpeg.org Delivered-To: patchwork@ffaux-bg.ffmpeg.org Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org [79.124.17.100]) by ffaux.localdomain (Postfix) with ESMTP id 13EFF44A8B2 for ; Sat, 2 May 2020 09:33:46 +0300 (EEST) Received: from [127.0.1.1] (localhost [127.0.0.1]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id DBDF668C273; Sat, 2 May 2020 09:33:45 +0300 (EEST) X-Original-To: ffmpeg-devel@ffmpeg.org Delivered-To: ffmpeg-devel@ffmpeg.org Received: from so254-54.mailgun.net (so254-54.mailgun.net [198.61.254.54]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id A2B4D68C106 for ; Sat, 2 May 2020 09:33:38 +0300 (EEST) DKIM-Signature: a=rsa-sha256; v=1; c=relaxed/relaxed; d=rcombs.me; q=dns/txt; s=mx; t=1588401219; h=Content-Transfer-Encoding: MIME-Version: Message-Id: Date: Subject: To: From: Sender; bh=4npXxRZHxt821ipAmy6FLphtKOBbNQwX5KtGXtQPD5w=; b=KrPlklUbf0AhoufJTZZOx6p3Yctpsvvh62jNBD8VzW2EqSUdSqLN30eBi4uIbm9L2EdqabR0 +9gYuK7ICRAOEtvBdOqZ97nMlyc7MFxlRD9xnvXJ0cgY/fEakyYTWEN2fYn5JcM7qN312e2H B4y7P7nQTPQwGfhSKf5Gcs6CApc= X-Mailgun-Sending-Ip: 198.61.254.54 X-Mailgun-Sid: WyJiZDU1MSIsICJmZm1wZWctZGV2ZWxAZmZtcGVnLm9yZyIsICJiMGJhIl0= Received: from Rodgers-MBP.localdomain (Unknown [24.14.135.13]) by mxa.mailgun.org with ESMTP id 5ead143d.7f31747ed570-smtp-out-n05; Sat, 02 May 2020 06:33:33 -0000 (UTC) From: rcombs To: ffmpeg-devel@ffmpeg.org Date: Sat, 2 May 2020 01:33:25 -0500 Message-Id: <20200502063325.57841-1-rcombs@rcombs.me> X-Mailer: git-send-email 2.24.1 MIME-Version: 1.0 Subject: [FFmpeg-devel] [PATCH] lavf/dashdec: support larger manifests X-BeenThere: ffmpeg-devel@ffmpeg.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: FFmpeg development discussions and patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: FFmpeg development discussions and patches Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" --- libavformat/dashdec.c | 29 +++++++++++++++-------------- 1 file changed, 15 insertions(+), 14 deletions(-) diff --git a/libavformat/dashdec.c b/libavformat/dashdec.c index 5ba7feb245..bde4b0846d 100644 --- a/libavformat/dashdec.c +++ b/libavformat/dashdec.c @@ -29,6 +29,8 @@ #include "dash.h" #define INITIAL_BUFFER_SIZE 32768 +#define MAX_MANIFEST_SIZE 50 * 1024 +#define DEFAULT_MANIFEST_SIZE 8 * 1024 struct fragment { int64_t url_offset; @@ -1220,7 +1222,7 @@ static int parse_manifest(AVFormatContext *s, const char *url, AVIOContext *in) int close_in = 0; uint8_t *new_url = NULL; int64_t filesize = 0; - char *buffer = NULL; + AVBPrint buf; AVDictionary *opts = NULL; xmlDoc *doc = NULL; xmlNodePtr root_element = NULL; @@ -1254,24 +1256,23 @@ static int parse_manifest(AVFormatContext *s, const char *url, AVIOContext *in) } filesize = avio_size(in); - if (filesize <= 0) { - filesize = 8 * 1024; + if (filesize > MAX_MANIFEST_SIZE) { + av_log(s, AV_LOG_ERROR, "Manifest too large: %"PRId64"\n", filesize); + return AVERROR_INVALIDDATA; } - buffer = av_mallocz(filesize); - if (!buffer) { - av_free(c->base_url); - return AVERROR(ENOMEM); - } + av_bprint_init(&buf, (filesize > 0) ? filesize + 1 : DEFAULT_MANIFEST_SIZE, AV_BPRINT_SIZE_UNLIMITED); - filesize = avio_read(in, buffer, filesize); - if (filesize <= 0) { - av_log(s, AV_LOG_ERROR, "Unable to read to offset '%s'\n", url); - ret = AVERROR_INVALIDDATA; + if ((ret = avio_read_to_bprint(in, &buf, MAX_MANIFEST_SIZE)) < 0 || + !avio_feof(in) || + (filesize = buf.len) == 0) { + av_log(s, AV_LOG_ERROR, "Unable to read to manifest '%s'\n", url); + if (ret == 0) + ret = AVERROR_INVALIDDATA; } else { LIBXML_TEST_VERSION - doc = xmlReadMemory(buffer, filesize, c->base_url, NULL, 0); + doc = xmlReadMemory(buf.str, filesize, c->base_url, NULL, 0); root_element = xmlDocGetRootElement(doc); node = root_element; @@ -1394,7 +1395,7 @@ cleanup: } av_free(new_url); - av_free(buffer); + av_bprint_finalize(&buf, NULL); if (close_in) { avio_close(in); }