From patchwork Thu Mar 18 16:14:55 2021
X-Patchwork-Submitter: Derek Buitenhuis
X-Patchwork-Id: 26448
From: Derek Buitenhuis
To: ffmpeg-devel@ffmpeg.org
Date: Thu, 18 Mar 2021 16:14:55 +0000
Message-Id: <20210318161456.1103652-1-derek.buitenhuis@gmail.com>
Subject: [FFmpeg-devel] [PATCH 1/2] avformat/mov: Fix extended atom size buffer length check

When extended atom size support was added to probing in
fec4a2d232d7ebf6d1084fb568d4d84844f25abc, the buffer size check was
backwards, but probing continued to work because there was no minimum
size check yet, so despite size being 1 on these atoms, and failing to
read the 64-bit size, the tag was still correctly read.

When 0b78016b2d7c36b32d07669c0c86bc4b4225ec98 introduced a minimum size
check, this exposed the bug, and broke probing any files with extended
atom sizes, such as entirely valid large files that start with mdat
atoms.

Signed-off-by: Derek Buitenhuis
---
 libavformat/mov.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libavformat/mov.c b/libavformat/mov.c index 97857789f4..33cfb42228 100644 --- a/libavformat/mov.c +++ b/libavformat/mov.c 
@@ -7114,7 +7114,7 @@ static int mov_probe(const AVProbeData *p) if ((offset + 8) > (unsigned int)p->buf_size) break; size = AV_RB32(p->buf + offset); - if (size == 1 && offset + 16 > (unsigned int)p->buf_size) { + if (size == 1 && offset + 16 <= (unsigned int)p->buf_size) { size = AV_RB64(p->buf+offset + 8); minsize = 16; } else if (size == 0) {
From patchwork Thu Mar 18 16:14:56 2021
X-Patchwork-Submitter: Derek Buitenhuis
X-Patchwork-Id: 26449
From: Derek Buitenhuis
To: ffmpeg-devel@ffmpeg.org
Date: Thu, 18 Mar 2021 16:14:56 +0000
Message-Id: <20210318161456.1103652-2-derek.buitenhuis@gmail.com>
In-Reply-To: <20210318161456.1103652-1-derek.buitenhuis@gmail.com>
References: <20210318161456.1103652-1-derek.buitenhuis@gmail.com>
Subject: [FFmpeg-devel] [PATCH 2/2] FATE: Add test for probing MOV/MP4 files with extended box sizes

The test sample has to have no file extension, otherwise probing happens
to work, based off file extension alone, and we want to test the actual
probing function.

Signed-off-by: Derek Buitenhuis
---
I will reply to this email with the sample file in question.
---
 tests/fate/mov.mak                   | 3 +++
 tests/ref/fate/mov-mp4-extended-atom | 1 +
 2 files changed, 4 insertions(+)
 create mode 100644 tests/ref/fate/mov-mp4-extended-atom
diff --git a/tests/fate/mov.mak b/tests/fate/mov.mak index 0fd20fef96..e2dbd6ab10 100644 --- a/tests/fate/mov.mak +++ b/tests/fate/mov.mak @@ -29,6 +29,7 @@ FATE_MOV_FFPROBE = fate-mov-neg-firstpts-discard \ fate-mov-guess-delay-2 \ fate-mov-guess-delay-3 \ fate-mov-mp4-with-mov-in24-ver \ + fate-mov-mp4-extended-atom FATE_MOV_FASTSTART = fate-mov-faststart-4gb-overflow \ 
@@ -124,3 +125,5 @@ fate-mov-faststart-4gb-overflow: CMP = oneline fate-mov-faststart-4gb-overflow: REF = bc875921f151871e787c4b4023269b29 fate-mov-mp4-with-mov-in24-ver: CMD = run ffprobe$(PROGSSUF)$(EXESUF) -show_entries stream=codec_name -select_streams 1 $(TARGET_SAMPLES)/mov/mp4-with-mov-in24-ver.mp4 + +fate-mov-mp4-extended-atom: CMD = run ffprobe$(PROGSSUF)$(EXESUF) -show_packets -print_format compact -select_streams v $(TARGET_SAMPLES)/mov/extended_atom_size_probe diff --git a/tests/ref/fate/mov-mp4-extended-atom b/tests/ref/fate/mov-mp4-extended-atom new file mode 100644 index 0000000000..9d01abb2f5 --- /dev/null +++ b/tests/ref/fate/mov-mp4-extended-atom @@ -0,0 +1 @@ +packet|codec_type=video|stream_index=0|pts=0|pts_time=0.000000|dts=0|dts_time=0.000000|duration=1001|duration_time=0.033367|size=14798|pos=16|flags=K_
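Review bot: In the mov_probe hunk of libavformat/mov.c (patch 1/2), the corrected condition leaves the truncated case implicit: when size == 1 but offset + 16 exceeds p->buf_size, control now falls through to the `else if (size == 0)` test with size still 1, and what happens to it depends on code outside this hunk. Consider nesting the length check, `if (size == 1) { if (offset + 16 > (unsigned int)p->buf_size) break; ... }`, mirroring the `(offset + 8) > (unsigned int)p->buf_size` check two lines above, and add a one-line comment that size == 1 means the real size is the 64-bit field read at offset + 8.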
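Review bot: In the first tests/fate/mov.mak hunk (patch 2/2, `@@ -29,6 +29,7 @@`), the added `fate-mov-mp4-extended-atom` entry has no trailing backslash, while the unchanged entry above it, `fate-mov-mp4-with-mov-in24-ver \`, was the last item of FATE_MOV_FFPROBE and still ended in one. Keeping the trailing ` \` on the new last entry would match the list's existing style and keep the next addition a one-line diff.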
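Review bot: In the second tests/fate/mov.mak hunk (patch 2/2, `@@ -124,3 +125,5 @@`), the new `fate-mov-mp4-extended-atom: CMD` rule has no comment saying why the sample `extended_atom_size_probe` has no file extension. The commit message gives the reason (probing would otherwise succeed on the extension alone), but that explanation does not live next to the rule; a short `#` comment above it would keep a later cleanup from renaming the sample and quietly turning the test into one that no longer exercises the probe function.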
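Review bot: In the new tests/ref/fate/mov-mp4-extended-atom file (patch 2/2), the single reference line pins demuxed packet fields (size=14798, pos=16, flags=K_) and never records the detected container, so probing is only checked indirectly and a mismatch would not tell a probe regression apart from a demuxer change. Consider also printing the detected format name in the CMD (for example via ffprobe's -show_format) so the reference states what the probe decided.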