From patchwork Wed Aug 5 23:33:56 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andreas Rheinhardt X-Patchwork-Id: 21505 Return-Path: X-Original-To: patchwork@ffaux-bg.ffmpeg.org Delivered-To: patchwork@ffaux-bg.ffmpeg.org Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org [79.124.17.100]) by ffaux.localdomain (Postfix) with ESMTP id D456B44932F for ; Thu, 6 Aug 2020 02:34:16 +0300 (EEST) Received: from [127.0.1.1] (localhost [127.0.0.1]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id A970568B9C3; Thu, 6 Aug 2020 02:34:16 +0300 (EEST) X-Original-To: ffmpeg-devel@ffmpeg.org Delivered-To: ffmpeg-devel@ffmpeg.org Received: from mail-ej1-f48.google.com (mail-ej1-f48.google.com [209.85.218.48]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id A137768B84A for ; Thu, 6 Aug 2020 02:34:09 +0300 (EEST) Received: by mail-ej1-f48.google.com with SMTP id d6so34422384ejr.5 for ; Wed, 05 Aug 2020 16:34:09 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=qgtQaN3JwNgaq7TyTxYurDS4B80b3G3HjRZZmzjYFWY=; b=dwjM/uaSnWUzMLc5xIUs7TNhpBpuhfNPNJH2zIyweVjefFP5yU6IODlgr8YI1AC63P YLewusisYm1n0V9+/qrPrGe5qn57Ry3FwHp+ofDLWlWCf/3vWPmhTKsnpw/AQzkKBmr4 AzTOc5ouvTWhJ9i0FeFoSsbNJpRkrHjS297cFs+QH5rmyu3twpKZLTqL6XYN+7Jk7Kkf fBMhO7bksdoGIau9EAsny6yKlLx8KK7zyBopnuuqXz23rCKhY9mylnB2+jIkKsgBh7SS hu/C5w3RFx3Edu2FzUJJHIr+DtZ1G0B+YZhuT4mF2OAjiOgKquPpu7BX72ftR7m04PgM XvrQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=qgtQaN3JwNgaq7TyTxYurDS4B80b3G3HjRZZmzjYFWY=; b=HPYAxvzejkFM1aJ6VYT/EryVLDJHbHlOTNswhxx9uDfOMR4DC7dYNHGqyIdsUsH3RL hUSGWXOwruUnKbMtVoCSFqVbXq2OnviiAdy1W8HIZyV93rQtc8sMNHUuOVeQTcu1UO3h VQS4HcwxNZMrN7IxjS47d8N7eDJR3k/7vLw2ttpJJ4xJYsYV5aZ8ZURMb7qALfrtEJnl eSRHfUArbNge3yjt6/LCekxnm6E1uLRtk0NwiTpq88JBi78ZsuwIWthEo2FNZXMuw6ra GWNgWy/Oxw7m1jaaXlJ3LWilzlAZN5qQH8XxxT09G63CkfjzchJ023f0CeXsEl9GYLA7 UJ+A== X-Gm-Message-State: AOAM533lHJ6fKI+LjCs+JhhM28JSdOy8C7yDSz0zSOgAz4EddCA9mvni 0iW+SZlF6L7SYBBqaA7+4i1LcrVe X-Google-Smtp-Source: ABdhPJzmfMSOkqud60nRsn1+K8usajVEbSsoCUnqvfrao0vUL8hBQl5c+9FD9VTTLwLwZas3iTdXGw== X-Received: by 2002:a17:906:68da:: with SMTP id y26mr1659053ejr.250.1596670448716; Wed, 05 Aug 2020 16:34:08 -0700 (PDT) Received: from sblaptop.fritz.box (ipbcc10296.dynamic.kabel-deutschland.de. [188.193.2.150]) by smtp.gmail.com with ESMTPSA id d19sm2447208ejk.47.2020.08.05.16.34.07 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 05 Aug 2020 16:34:07 -0700 (PDT) From: Andreas Rheinhardt To: ffmpeg-devel@ffmpeg.org Date: Thu, 6 Aug 2020 01:33:56 +0200 Message-Id: <20200805233358.31711-1-andreas.rheinhardt@gmail.com> X-Mailer: git-send-email 2.20.1 MIME-Version: 1.0 Subject: [FFmpeg-devel] [PATCH 1/3] avformat/vividas: Check return value before storing it in smaller type X-BeenThere: ffmpeg-devel@ffmpeg.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: FFmpeg development discussions and patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: FFmpeg development discussions and patches Cc: Andreas Rheinhardt Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" Signed-off-by: Andreas Rheinhardt --- libavformat/vividas.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/libavformat/vividas.c b/libavformat/vividas.c index b0f9f35ac2..708adc8801 100644 --- a/libavformat/vividas.c +++ b/libavformat/vividas.c @@ -432,19 +432,20 @@ static int track_index(VividasDemuxContext *viv, AVFormatContext *s, uint8_t *bu AVIOContext pb0, *pb = &pb0; int i; int64_t filesize = avio_size(s->pb); + uint64_t n_sb_blocks_tmp; ffio_init_context(pb, buf, size, 0, NULL, NULL, NULL, NULL); ffio_read_varlen(pb); // track_index_len avio_r8(pb); // 'c' - viv->n_sb_blocks = ffio_read_varlen(pb); - if (viv->n_sb_blocks < 0 || viv->n_sb_blocks > size / 2) + n_sb_blocks_tmp = ffio_read_varlen(pb); + if (n_sb_blocks_tmp > size / 2) goto error; - viv->sb_blocks = av_calloc(viv->n_sb_blocks, sizeof(VIV_SB_block)); + viv->sb_blocks = av_calloc(n_sb_blocks_tmp, sizeof(*viv->sb_blocks)); if (!viv->sb_blocks) { - viv->n_sb_blocks = 0; return AVERROR(ENOMEM); } + viv->n_sb_blocks = n_sb_blocks_tmp; off = 0; poff = 0; From patchwork Wed Aug 5 23:33:57 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andreas Rheinhardt X-Patchwork-Id: 21506 Return-Path: X-Original-To: patchwork@ffaux-bg.ffmpeg.org Delivered-To: patchwork@ffaux-bg.ffmpeg.org Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org [79.124.17.100]) by ffaux.localdomain (Postfix) with ESMTP id 7BFED44A95F for ; Thu, 6 Aug 2020 02:40:40 +0300 (EEST) Received: from [127.0.1.1] (localhost [127.0.0.1]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id 539FB68B9D6; Thu, 6 Aug 2020 02:40:40 +0300 (EEST) X-Original-To: ffmpeg-devel@ffmpeg.org Delivered-To: ffmpeg-devel@ffmpeg.org Received: from mail-ed1-f67.google.com (mail-ed1-f67.google.com [209.85.208.67]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id BDAD268B868 for ; Thu, 6 Aug 2020 02:40:34 +0300 (EEST) Received: by mail-ed1-f67.google.com with SMTP id b18so2656551edv.10 for ; Wed, 05 Aug 2020 16:40:34 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=eKY9Oxcny7hg0XLQagW79tRXa4U8IePmV1iGs3tj+aY=; b=gOHiqvYl0lq78/6X+ZXctCE9vLHyqKDEIx1B65WdXPDRv9Zmoh9XuU9NUl+1XC1J2b zMa7mNTzW0uVPiaAy54iL6AKYN901TQlV6AXkeKJVNk02IOKP4KjdLTOMi3TtHECHz2d BYv5/CMZ7TZbNEbiBvBSM8hgEtyu093ArTe6p0NRtQo6bfCkLP7YsSFdtvw1MG4s/l/h xuA5sF8VJi8PYNY/puoe+InTB+QrmZtvSjw1zlAxJMlULNcEVJYagBBJTPyTS8zwPP13 3gbv8+ZMABD89WGqvPd6lhmHQsg8Pcc2VRokTEYwRNRe61gaxoaml4BtDSAg1/E657+/ vqeQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=eKY9Oxcny7hg0XLQagW79tRXa4U8IePmV1iGs3tj+aY=; b=M386QgvBu+6+CIfV9YuNagyPLpJELa2xRusx2W3urfLQx3wgiZorHJc2wxFCPCqICV eDA3JKPYiqehD3AXGyA1QukqS2WOni0Oh4/5eZiplM5fg5AWpNFT83XN+BaCw2zgQChw jbWE9izxfWhhXUX+i6dm+NGq3sHUBlIrOrxCRA/zyvWkegmwZJipNQGw7tz7RB71z4eM csK96pTiaVLuv27fAOm1S3aXDQjhlKWZ8dafxrcuRATpIJ/0J9jVwT/AAqs0lHUUWuDm jw3ulkB4WP7n02RaGxaCKICygnIsI5tCfTqxuf10Py8ez6mPYf0kxxaD3qNiyzioctzD +G6g== X-Gm-Message-State: AOAM533JZ0cUUBUwkdugsSFqhFW1N12+aDyaPgBpyP7c/tfO6f20k3am 2XEtvM/PNZEftxMXPVATlTeXIGUc X-Google-Smtp-Source: ABdhPJwfPS6E263hqsoU166cHV+iKe2iU2SDmN+Zjc2rHlqsxizruiDk5Sl6KRueR3Dg2BbRqlHjWQ== X-Received: by 2002:a17:906:6bda:: with SMTP id t26mr1758705ejs.214.1596670471750; Wed, 05 Aug 2020 16:34:31 -0700 (PDT) Received: from sblaptop.fritz.box (ipbcc10296.dynamic.kabel-deutschland.de. [188.193.2.150]) by smtp.gmail.com with ESMTPSA id d19sm2447208ejk.47.2020.08.05.16.34.30 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 05 Aug 2020 16:34:31 -0700 (PDT) From: Andreas Rheinhardt To: ffmpeg-devel@ffmpeg.org Date: Thu, 6 Aug 2020 01:33:57 +0200 Message-Id: <20200805233358.31711-2-andreas.rheinhardt@gmail.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20200805233358.31711-1-andreas.rheinhardt@gmail.com> References: <20200805233358.31711-1-andreas.rheinhardt@gmail.com> MIME-Version: 1.0 Subject: [FFmpeg-devel] [PATCH 2/3] avformat/vividas: Check allocation for success X-BeenThere: ffmpeg-devel@ffmpeg.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: FFmpeg development discussions and patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: FFmpeg development discussions and patches Cc: Andreas Rheinhardt Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" Signed-off-by: Andreas Rheinhardt --- libavformat/vividas.c | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) diff --git a/libavformat/vividas.c b/libavformat/vividas.c index 708adc8801..36c007b0d2 100644 --- a/libavformat/vividas.c +++ b/libavformat/vividas.c @@ -440,7 +440,7 @@ static int track_index(VividasDemuxContext *viv, AVFormatContext *s, uint8_t *bu avio_r8(pb); // 'c' n_sb_blocks_tmp = ffio_read_varlen(pb); if (n_sb_blocks_tmp > size / 2) - goto error; + return AVERROR_INVALIDDATA; viv->sb_blocks = av_calloc(n_sb_blocks_tmp, sizeof(*viv->sb_blocks)); if (!viv->sb_blocks) { return AVERROR(ENOMEM); @@ -455,7 +455,7 @@ static int track_index(VividasDemuxContext *viv, AVFormatContext *s, uint8_t *bu uint64_t n_packets_tmp = ffio_read_varlen(pb); if (size_tmp > INT_MAX || n_packets_tmp > INT_MAX) - goto error; + return AVERROR_INVALIDDATA; viv->sb_blocks[i].byte_offset = off; viv->sb_blocks[i].packet_offset = poff; @@ -471,15 +471,13 @@ static int track_index(VividasDemuxContext *viv, AVFormatContext *s, uint8_t *bu } if (filesize > 0 && poff > filesize) - goto error; + return AVERROR_INVALIDDATA; viv->sb_entries = av_calloc(maxnp, sizeof(VIV_SB_entry)); + if (!viv->sb_entries) + return AVERROR(ENOMEM); return 0; -error: - viv->n_sb_blocks = 0; - av_freep(&viv->sb_blocks); - return AVERROR_INVALIDDATA; } static void load_sb_block(AVFormatContext *s, VividasDemuxContext *viv, unsigned expected_size) @@ -608,7 +606,7 @@ static int viv_read_header(AVFormatContext *s) ret = track_index(viv, s, buf, v); av_free(buf); if (ret < 0) - return ret; + goto fail; viv->sb_offset = avio_tell(pb); if (viv->n_sb_blocks > 0) { @@ -619,6 +617,9 @@ static int viv_read_header(AVFormatContext *s) } return 0; +fail: + av_freep(&viv->sb_blocks); + return ret; } static int viv_read_packet(AVFormatContext *s, From patchwork Wed Aug 5 23:33:58 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andreas Rheinhardt X-Patchwork-Id: 21507 Return-Path: X-Original-To: patchwork@ffaux-bg.ffmpeg.org Delivered-To: patchwork@ffaux-bg.ffmpeg.org Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org [79.124.17.100]) by ffaux.localdomain (Postfix) with ESMTP id BCF7044ABA6 for ; Thu, 6 Aug 2020 03:04:42 +0300 (EEST) Received: from [127.0.1.1] (localhost [127.0.0.1]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id 95CC068B9BF; Thu, 6 Aug 2020 03:04:42 +0300 (EEST) X-Original-To: ffmpeg-devel@ffmpeg.org Delivered-To: ffmpeg-devel@ffmpeg.org Received: from mail-lj1-f193.google.com (mail-lj1-f193.google.com [209.85.208.193]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id 2E55B68B655 for ; Thu, 6 Aug 2020 03:04:36 +0300 (EEST) Received: by mail-lj1-f193.google.com with SMTP id i10so14946666ljn.2 for ; Wed, 05 Aug 2020 17:04:36 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=5L88LygUBMAbzM6EjWDP8GbAUwmNxMxSLjzZHB+oofQ=; b=j2km1YJjRQ4i6zW/7jvPPWHp8PXnbSLP6fQgKgwyirRj31H31b21/qd5EArjUJpmey QYmfOnM9U2ZAYqTlnTYmNxAWx7/HqdK/Me6eDUGuBXVsZlpRnckSR2XTd05WEeFp2hom SqTgtKlaTd5IjrXGtNVqR8/wFI+LJVh9ggr7fiwKzCS2K4UYbqgro5ZvrckH9OPiKd7A Hm4dQqCPE4LU7GYm7jzGuoqLqmke97dXph5sCyimX7Hkr2lvSeELbn5pcVw+lm7KS/mV qMZPZysmoCEsvw1QKZdg7aCYSduTH2ozoctqqO/K6MvBki9YrvRlnR08QWDpyeN8VFSD UXUw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=5L88LygUBMAbzM6EjWDP8GbAUwmNxMxSLjzZHB+oofQ=; b=AcorWwdZMpIb3WBRk4MjoSqe9fni4MJXsr5/cIxpxcgm2IO3+gRz6n7oDP5cCEQiWM F1cuMy1HE5QCbBIKExO6WqOc0NwEn3eszFpiCiLbb5PQjkeft9VkPtevndHdA/roMUEs VlxwKL1E4I0YJHz8+Ayx65X9Zulk9HXR8hmLNNKWPz5JvqNbhMl1zLccMOf44lye6J0G HIzcf1X0SjmufuQIuJN2ikZXuN9Wg4JPBUP2HxcCOZp6KwQ/fKHzBF+frs5VbuBdXKzI b/apP+FssghPeGSCE8ZXj/raPgFCjHe7ApiqrizvQ9NQU5KdREd8m6068SOPzXPyNdgt IduQ== X-Gm-Message-State: AOAM531BGVDzNKJEpb/2PVHQynax9ZTMUErqxh2MVE1HWdW10QWZELiC EMMaFLG59KR+Mj4UxaMsEjIJD2vr X-Google-Smtp-Source: ABdhPJwmhGw7disQlE8GqYyUOmLEcpcPTC7+QzGCy0efxBm6NnmdsoZ4myVtlkOPHmSlV6QN134GlA== X-Received: by 2002:a17:906:6146:: with SMTP id p6mr1696765ejl.211.1596670472794; Wed, 05 Aug 2020 16:34:32 -0700 (PDT) Received: from sblaptop.fritz.box (ipbcc10296.dynamic.kabel-deutschland.de. [188.193.2.150]) by smtp.gmail.com with ESMTPSA id d19sm2447208ejk.47.2020.08.05.16.34.31 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 05 Aug 2020 16:34:32 -0700 (PDT) From: Andreas Rheinhardt To: ffmpeg-devel@ffmpeg.org Date: Thu, 6 Aug 2020 01:33:58 +0200 Message-Id: <20200805233358.31711-3-andreas.rheinhardt@gmail.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20200805233358.31711-1-andreas.rheinhardt@gmail.com> References: <20200805233358.31711-1-andreas.rheinhardt@gmail.com> MIME-Version: 1.0 Subject: [FFmpeg-devel] [PATCH 3/3] avformat/sierravmd: Don't return packets for non-existing stream X-BeenThere: ffmpeg-devel@ffmpeg.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: FFmpeg development discussions and patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: FFmpeg development discussions and patches Cc: Andreas Rheinhardt Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" It leads to an assert in ff_read_packet(). Signed-off-by: Andreas Rheinhardt --- libavformat/sierravmd.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/libavformat/sierravmd.c b/libavformat/sierravmd.c index 531fc41531..40bcb77986 100644 --- a/libavformat/sierravmd.c +++ b/libavformat/sierravmd.c @@ -174,6 +174,8 @@ static int vmd_read_header(AVFormatContext *s) avpriv_set_pts_info(vst, 33, num, den); avpriv_set_pts_info(st, 33, num, den); } + if (!s->nb_streams) + return AVERROR_INVALIDDATA; toc_offset = AV_RL32(&vmd->vmd_header[812]); vmd->frame_count = AV_RL16(&vmd->vmd_header[6]); @@ -241,6 +243,8 @@ static int vmd_read_header(AVFormatContext *s) current_audio_pts++; break; case 2: /* Video Chunk */ + if (!vst) + break; vmd->frame_table[total_frames].frame_offset = current_offset; vmd->frame_table[total_frames].stream_index = vmd->video_stream_index; vmd->frame_table[total_frames].frame_size = size;