From patchwork Sat Oct 31 14:16:23 2020
X-Patchwork-Submitter: Andreas Rheinhardt
X-Patchwork-Id: 23299
From: Andreas Rheinhardt
To: ffmpeg-devel@ffmpeg.org
Date: Sat, 31 Oct 2020 15:16:23 +0100
Message-Id: <20201031141626.727000-1-andreas.rheinhardt@gmail.com>
Subject: [FFmpeg-devel] [PATCH v3 1/4] avformat/apngdec: Return error for incomplete header

If avio_read() could read anything, it returns the number of bytes read, even if it could not read as much as the caller desired. apng_read_header() only checked the return value of its avio_read() calls for being negative and this meant that it was possible for an incomplete header to not be detected. The return value of the last successful call has been returned instead. This commit changes this.

Fixes: OOM
Fixes: 26608/clusterfuzz-testcase-minimized-ffmpeg_dem_APNG_fuzzer-4839491644424192
Signed-off-by: Andreas Rheinhardt --- libavformat/apngdec.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/libavformat/apngdec.c b/libavformat/apngdec.c index 0f1d04a365..23d7e15393 100644 --- a/libavformat/apngdec.c +++ b/libavformat/apngdec.c @@ -138,7 +138,7 @@ static int append_extradata(AVCodecParameters *par, AVIOContext *pb, int len) par->extradata = new_extradata; par->extradata_size = new_size; - if ((ret = avio_read(pb, par->extradata + previous_size, len)) < 0) + if ((ret = ffio_read_size(pb, par->extradata + previous_size, len)) < 0) return ret; return previous_size; 
@@ -185,10 +185,10 @@ static int apng_read_header(AVFormatContext *s) AV_WL32(st->codecpar->extradata+4, tag); AV_WB32(st->codecpar->extradata+8, st->codecpar->width); AV_WB32(st->codecpar->extradata+12, st->codecpar->height); - if ((ret = avio_read(pb, st->codecpar->extradata+16, 9)) < 0) - goto fail; + if ((ret = ffio_read_size(pb, st->codecpar->extradata + 16, 9)) < 0) + return ret; - while (!avio_feof(pb)) { + while (1) { if (acTL_found && ctx->num_play != 1) { int64_t size = avio_size(pb); int64_t offset = avio_tell(pb);
From patchwork Sat Oct 31 14:16:24 2020
X-Patchwork-Submitter: Andreas Rheinhardt
X-Patchwork-Id: 23300
From: Andreas Rheinhardt
To: ffmpeg-devel@ffmpeg.org
Date: Sat, 31 Oct 2020 15:16:24 +0100
Message-Id: <20201031141626.727000-2-andreas.rheinhardt@gmail.com>
In-Reply-To: <20201031141626.727000-1-andreas.rheinhardt@gmail.com>
References: <20201031141626.727000-1-andreas.rheinhardt@gmail.com>
Subject: [FFmpeg-devel] [PATCH v3 2/4] avformat/apngdec: Fix size/overflow checks

apng data consists of parts containing a small header (including a four-byte size field) and a data part; the size field does not account for everything and is actually twelve bytes short of the actual size. In order to make sure that the size fits into an int, the size field is checked for being > INT_MAX; yet this does not account for the + 12 and upon conversion to int (which happens when calling append_extradata()), the size parameter can still wrap around. In this case the currently used check would lead to undefined signed integer overflow.

Furthermore, append_extradata() appends the new data to the already existing extradata and therefore needs to make sure that the combined size of new and old data as well as padding fits into an int. The check used for this is "if (old_size > INT_MAX - AV_INPUT_BUFFER_PADDING_SIZE - new_size)". If new_size is > INT_MAX - AV_INPUT_BUFFER_PADDING_SIZE the right side becomes negative if the types are signed (as they are now); yet changing this to "if (new_size > INT_MAX - AV_INPUT_BUFFER_PADDING_SIZE - old_size)" is better as this also works for unsigned types (where it is of course presumed that INT_MAX is replaced by the corresponding maximum for the new type).
Both of these issues have been fixed. Signed-off-by: Andreas Rheinhardt --- libavformat/apngdec.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libavformat/apngdec.c b/libavformat/apngdec.c index 23d7e15393..d8d0de190f 100644 --- a/libavformat/apngdec.c +++ b/libavformat/apngdec.c @@ -127,7 +127,7 @@ static int append_extradata(AVCodecParameters *par, AVIOContext *pb, int len) int new_size, ret; uint8_t *new_extradata; - if (previous_size > INT_MAX - AV_INPUT_BUFFER_PADDING_SIZE - len) + if (len > INT_MAX - AV_INPUT_BUFFER_PADDING_SIZE - previous_size) return AVERROR_INVALIDDATA; new_size = previous_size + len; 
@@ -208,7 +208,7 @@ static int apng_read_header(AVFormatContext *s) goto fail; len = avio_rb32(pb); - if (len > 0x7fffffff) { + if (len > INT_MAX - 12) { ret = AVERROR_INVALIDDATA; goto fail; }
From patchwork Sat Oct 31 14:16:25 2020
X-Patchwork-Submitter: Andreas Rheinhardt
X-Patchwork-Id: 23301
From: Andreas Rheinhardt
To: ffmpeg-devel@ffmpeg.org
Date: Sat, 31 Oct 2020 15:16:25 +0100
Message-Id: <20201031141626.727000-3-andreas.rheinhardt@gmail.com>
In-Reply-To: <20201031141626.727000-1-andreas.rheinhardt@gmail.com>
References: <20201031141626.727000-1-andreas.rheinhardt@gmail.com>
Subject: [FFmpeg-devel] [PATCH v3 3/4] avformat/apngdec: Check fcTL chunk length when reading header

Reading the header terminates when an fcTL chunk is encountered in which case read_header returned success without checking the length of said chunk. Yet when read_packet processes this chunk, it checks for the length to be 26 and errors out otherwise. So do so when reading the header, too.

Signed-off-by: Andreas Rheinhardt --- libavformat/apngdec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavformat/apngdec.c b/libavformat/apngdec.c index d8d0de190f..6b2ce2e251 100644 --- a/libavformat/apngdec.c +++ b/libavformat/apngdec.c
@@ -226,7 +226,7 @@ static int apng_read_header(AVFormatContext *s) ctx->num_frames, ctx->num_play); break; case MKTAG('f', 'c', 'T', 'L'): - if (!acTL_found) { + if (!acTL_found || len != 26) { ret = AVERROR_INVALIDDATA; goto fail; }
From patchwork Sat Oct 31 14:16:26 2020
X-Patchwork-Submitter: Andreas Rheinhardt
X-Patchwork-Id: 23303
From: Andreas Rheinhardt
To: ffmpeg-devel@ffmpeg.org
Date: Sat, 31 Oct 2020 15:16:26 +0100
Message-Id: <20201031141626.727000-4-andreas.rheinhardt@gmail.com>
In-Reply-To: <20201031141626.727000-1-andreas.rheinhardt@gmail.com>
References: <20201031141626.727000-1-andreas.rheinhardt@gmail.com>
Subject: [FFmpeg-devel] [PATCH v3 4/4] avformat/apngdec: Remove goto fail that does nothing

Signed-off-by: Andreas Rheinhardt --- libavformat/apngdec.c | 32 ++++++++++++-------------------- 1 file changed, 12 insertions(+), 20 deletions(-)
diff --git a/libavformat/apngdec.c b/libavformat/apngdec.c index 6b2ce2e251..bf8343faf3 100644 --- a/libavformat/apngdec.c +++ b/libavformat/apngdec.c @@ -151,17 +151,17 @@ static int apng_read_header(AVFormatContext *s) uint32_t len, tag; AVStream *st; int acTL_found = 0; - int64_t ret = AVERROR_INVALIDDATA; + int64_t ret; /* verify PNGSIG */ if (avio_rb64(pb) != PNGSIG) - return ret; + return AVERROR_INVALIDDATA; /* parse IHDR (must be first chunk) */ len = avio_rb32(pb); tag = avio_rl32(pb); if (len != 13 || tag != MKTAG('I', 'H', 'D', 'R')) - return ret; + return AVERROR_INVALIDDATA; st = avformat_new_stream(s, NULL); if (!st) @@ -193,11 +193,9 @@ static int apng_read_header(AVFormatContext *s) int64_t size = avio_size(pb); int64_t offset = avio_tell(pb); if (size < 0) { - ret = size; - goto fail; + return size; } else if (offset < 0) { - ret = offset; - goto fail; + return offset; } else if ((ret = ffio_ensure_seekback(pb, size - offset)) < 0) { av_log(s, AV_LOG_WARNING, "Could not ensure seekback, will not loop\n"); ctx->num_play = 1; @@ -205,20 +203,18 @@ static int apng_read_header(AVFormatContext *s) } if ((ctx->num_play == 1 || !acTL_found) && ((ret = ffio_ensure_seekback(pb, 4 /* len */ + 4 /* tag */)) < 0)) - goto fail; + return ret; len = avio_rb32(pb); - if (len > INT_MAX - 12) { - ret = AVERROR_INVALIDDATA; - goto fail; - } + if (len > INT_MAX - 12) + return AVERROR_INVALIDDATA; tag = avio_rl32(pb); switch (tag) { case MKTAG('a', 'c', 'T', 'L'): if ((ret = avio_seek(pb, -8, SEEK_CUR)) < 0 || (ret = append_extradata(st->codecpar, pb, len + 12)) < 0) - goto fail; + return ret; acTL_found = 1; ctx->num_frames = AV_RB32(st->codecpar->extradata + ret + 8); ctx->num_play = AV_RB32(st->codecpar->extradata + ret + 12); 
@@ -227,21 +223,17 @@ static int apng_read_header(AVFormatContext *s) break; case MKTAG('f', 'c', 'T', 'L'): if (!acTL_found || len != 26) { - ret = AVERROR_INVALIDDATA; - goto fail; + return AVERROR_INVALIDDATA; } if ((ret = avio_seek(pb, -8, SEEK_CUR)) < 0) - goto fail; + return ret; return 0; default: if ((ret = avio_seek(pb, -8, SEEK_CUR)) < 0 || (ret = append_extradata(st->codecpar, pb, len + 12)) < 0) - goto fail; + return ret; } } - -fail: - return ret; } static int decode_fctl_chunk(AVFormatContext *s, APNGDemuxContext *ctx, AVPacket *pkt)
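
Review bot: In patch 1/4's append_extradata() hunk, par->extradata_size is set to new_size before the read, so when ffio_read_size() fails the function returns with extradata_size already counting len bytes that were never filled. Now that a short read is an error here, assign extradata_size only after the read has succeeded, or restore previous_size on the error return.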
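
Review bot: In patch 1/4's apng_read_header() hunk, the change from "while (!avio_feof(pb))" to "while (1)" is not mentioned in the commit message, and with it the loop ends only through a return or goto inside the body. Please say in the commit message, or in a comment at the loop, which read is relied on to fail at end of file; from the rest of the series that appears to be the ffio_read_size() call in append_extradata().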
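
Review bot: In patch 2/4's append_extradata() hunk, len is a plain int and a negative value passes "len > INT_MAX - AV_INPUT_BUFFER_PADDING_SIZE - previous_size", after which new_size = previous_size + len comes out smaller than previous_size. The callers shown pass len + 12 with len already limited to INT_MAX - 12, so the function is safe only because of them; add "len < 0 ||" to the condition or make the parameter unsigned so the check stands on its own.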
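
Review bot: In patch 2/4's apng_read_header() hunk, the 12 in "len > INT_MAX - 12" is the same quantity as the 12 in the "len + 12" passed to append_extradata(), but nothing in the code ties the two together. A named constant, or a short comment saying what the twelve bytes are, would keep the check and the call sites in step.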
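
Review bot: In patch 3/4's fcTL case, the literal 26 now appears here and, per the commit message, in read_packet's check of the same chunk. A shared constant would stop the two from drifting apart. A separate av_log() line for the length failure would also let a user tell it from the missing-acTL case, since both return AVERROR_INVALIDDATA.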
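
Review bot: In patch 4/4's hunk at -193,11, "return size;" and "return offset;" return int64_t values from a function declared to return int. The same narrowing happened through "return ret" before, but it is now spelled out at each site; since only negative values reach these returns, an explicit cast to int or an int-typed temporary would make that intent visible.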
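
Review bot: In patch 4/4's last hunk, the fcTL check keeps its braces around a lone "return AVERROR_INVALIDDATA;" while the "len > INT_MAX - 12" check in the hunk before it drops them; drop them here too for consistency. The commit message also has no body, and one sentence stating that the fail label only returned ret would be enough.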
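
The two orderings of the append_extradata() size check and the two chunk-length limits described in the commit message of patch 2/4, compared on boundary values. This is an added example, not FFmpeg code: the function names, the unsigned types and the PADDING value of 64 are assumptions, and a 32-bit int is assumed.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>

/* Stand-in for AV_INPUT_BUFFER_PADDING_SIZE; the value is an assumption. */
#define PADDING 64u

/* Old ordering with unsigned sizes: UINT_MAX - PADDING - new_size wraps
 * around once new_size > UINT_MAX - PADDING, which defeats the test. */
static int old_order_rejects(unsigned old_size, unsigned new_size)
{
    return old_size > UINT_MAX - PADDING - new_size;
}

/* New ordering: old_size is assumed to be <= UINT_MAX - PADDING (true for
 * any size this check accepted earlier), so the right side cannot wrap. */
static int new_order_rejects(unsigned old_size, unsigned new_size)
{
    return new_size > UINT_MAX - PADDING - old_size;
}

/* Reference answer, computed in 64 bits where nothing can wrap. */
static int does_not_fit(unsigned old_size, unsigned new_size)
{
    return (uint64_t)old_size + new_size + PADDING > UINT_MAX;
}

/* Chunk length field: the old limit versus the one that leaves room for
 * the twelve bytes the size field does not count. */
static int old_limit_accepts(uint32_t len) { return len <= 0x7fffffffu; }
static int new_limit_accepts(uint32_t len) { return len <= (uint32_t)INT_MAX - 12; }
static int total_fits_int(uint32_t len)    { return (uint64_t)len + 12 <= INT_MAX; }

int main(void)
{
    /* Constructed sample values around the boundaries. */
    const unsigned sizes[][2] = {
        { 100, 200 }, { 0, UINT_MAX - 64 }, { 0, UINT_MAX - 63 },
        { 100, UINT_MAX - 10 },
    };
    const uint32_t lens[] = {
        26, (uint32_t)INT_MAX - 12, (uint32_t)INT_MAX - 11, 0x7fffffffu,
    };

    puts("  old_size   new_size  fits  old-order  new-order");
    for (size_t i = 0; i < sizeof(sizes) / sizeof(sizes[0]); i++) {
        unsigned o = sizes[i][0], n = sizes[i][1];
        printf("%10u %10u  %-4s  %-9s  %s\n", o, n,
               does_not_fit(o, n) ? "no" : "yes",
               old_order_rejects(o, n) ? "reject" : "accept",
               new_order_rejects(o, n) ? "reject" : "accept");
    }

    puts("       len  len+12 fits int  old limit  new limit");
    for (size_t i = 0; i < sizeof(lens) / sizeof(lens[0]); i++)
        printf("%10u  %-15s  %-9s  %s\n", (unsigned)lens[i],
               total_fits_int(lens[i]) ? "yes" : "no",
               old_limit_accepts(lens[i]) ? "accept" : "reject",
               new_limit_accepts(lens[i]) ? "accept" : "reject");
    return 0;
}
```

The rows where "fits" is "no" but the old-order column says "accept" are the wrapped cases; the new ordering agrees with the 64-bit reference on every row.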