From patchwork Sat Aug 7 23:25:45 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Soft Works X-Patchwork-Id: 29337 Delivered-To: ffmpegpatchwork2@gmail.com Received: by 2002:a6b:6c0f:0:0:0:0:0 with SMTP id a15csp1668490ioh; Sat, 7 Aug 2021 16:26:00 -0700 (PDT) X-Google-Smtp-Source: ABdhPJzZFDsDA8BCfTf9xC9B/o3G//CdJ5oStDIo+q5mLGzFckEAOf/WIybf9BxADbQVhSVWogiw X-Received: by 2002:a17:906:9bf1:: with SMTP id de49mr16289016ejc.480.1628378759850; Sat, 07 Aug 2021 16:25:59 -0700 (PDT) Return-Path: Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org. [79.124.17.100]) by mx.google.com with ESMTP id t14si2339547edr.573.2021.08.07.16.25.58; Sat, 07 Aug 2021 16:25:59 -0700 (PDT) Received-SPF: pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) client-ip=79.124.17.100; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@hotmail.com header.s=selector1 header.b=rhDa6QlS; arc=fail (body hash mismatch); spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=hotmail.com Received: from [127.0.1.1] (localhost [127.0.0.1]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id BB01668A302; Sun, 8 Aug 2021 02:25:54 +0300 (EEST) X-Original-To: ffmpeg-devel@ffmpeg.org Delivered-To: ffmpeg-devel@ffmpeg.org Received: from NAM12-DM6-obe.outbound.protection.outlook.com (mail-dm6nam12olkn2061.outbound.protection.outlook.com [40.92.22.61]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id 2C66A68A242 for ; Sun, 8 Aug 2021 02:25:48 +0300 (EEST) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Xe+gBBHSov/LgIXkwUP1LNu4hOOpc9xpvBgZAdNTuXA9khSKJ7XZ0yXCmkgIFohYpph0u20g1Q3mwk9FKUN1S3WOLICEDh7YYRHMPqyVL5sYRZcusjt780SJHgv6ip7gcKpWu5UWxh9LG9DjFd1RRErGdnJn58VoTDjwpswpMlUw6R6JEVgU6YKJ/5g7Ugl+pUKyIBILe9PlUouNeMbHLSenFIlZqeH59KF/j+YNop5WB0rnmXbeVt0lLdrhSi9IXruGjYXNaNzPQxjVrAwlb8/R3OzE7KvtN7CqDlmpLcbh16diJsR7hvfvZNaysb18aDPcjgFkdcZbUgcj2z585Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=iz7T+MHW/ZNnxQkRHxLtmI1MEp07eTJluwoCvD4CmS0=; b=j8Nj2NiqfLyPm7Chyyjc0BDHMD2cGxmpkjW1pSvbKOW3BYqJdwnonXjBJGSqwCZNe9rW9KpjRukqllHg4tPOUi8c8Lclit7u4XuJpf0VQtO6c4vRFB5bb14/4f2qdteCH58heOUBqjppOnPWveBr5BeMp7sfblKxlP95Mx9xnQ0XlanKpYIBkMzQEAKf6BDnQw9xPSVrYLQlna8M53F9KbOHX6zE3k0jV0ItqmibgNUPK6zts/aN6dUgj+XEJgna/OsrgsONmOo/mytCjSJ7U/wcMl6qxFZ1dvibR0EXh77txTX+/q0nf9oW/ZlmHbou9TvUMN4ypCt8pvubX7WA9A== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none; dmarc=none; dkim=none; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=hotmail.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=iz7T+MHW/ZNnxQkRHxLtmI1MEp07eTJluwoCvD4CmS0=; b=rhDa6QlSIYkM9ZTK4fbbrAnCao8Pe4hdBg9YRCNtOaD6hC+jZVkWJL5T9YH0cjgjqjOdv+2v5Lb7diEX5WEV0CC0zu85WsSNZr7vQhw5ZrJ90MWjRa1xefov/WEElnc8REVuP4LxxbyYdNxgd8gGi18NCY1VPX/hT88yEnnpnatv9aq5LZgU0IQt2ckyGzpGvbehycQZl7tf/04ejlP3iCGkmwBLn5s1eRT+gp+ipe/kSRANMMOXyn1LeRes/jBCSN3gSNmpRcpZsmI+gQD16JExhyED+/m9cBo3Nyun+oMBAhnZpjuKjl0VpaePr4J1TfW5rqLSSk8UrIFF4uQG8w== Received: from MN2PR04MB5981.namprd04.prod.outlook.com (2603:10b6:208:da::10) by MN2PR04MB5712.namprd04.prod.outlook.com (2603:10b6:208:3c::13) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4394.21; Sat, 7 Aug 2021 23:25:45 +0000 Received: from MN2PR04MB5981.namprd04.prod.outlook.com ([fe80::5d83:1c26:c2b1:3a30]) by MN2PR04MB5981.namprd04.prod.outlook.com ([fe80::5d83:1c26:c2b1:3a30%6]) with mapi id 15.20.4394.021; Sat, 7 Aug 2021 23:25:45 +0000 From: Soft Works To: "ffmpeg-devel@ffmpeg.org" Thread-Topic: [PATCH] libavformat/asfdec: Fix regression bug when reading image attachments Thread-Index: AdeL41wdezT+YJl+QSa5R0B9V6v0Sg== Date: Sat, 7 Aug 2021 23:25:45 +0000 Message-ID: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-ms-exchange-messagesentrepresentingtype: 1 x-tmn: [u37jane4nh7eNjowir/SDmPeXwQlgzFs] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: 576c5268-2fed-479e-01ab-08d959faae7c x-ms-traffictypediagnostic: MN2PR04MB5712: x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: oByn1pjDl/5UuUPtliDwLX5y3IYn/uUtMqq6V1g5gfdotZmIbdAIVhKi0lknpYzUUxaLAWEmSIYy9HFYBUxmPz0bttgHfY9mTRX1x/4Jx8KV7fqZPIk+6LlSCu4YRFAD/446dvrnJ5CJzN1TL0kGa7ZBHnHqTM1LN2X6iAJbLEM36Mz3jOzJ1XaN0BuWEupM0zdCgNqrRZ23M81OMIwUNs84H3GjO9qfHdEaH/BeMUe7Lc5iYhkFg1fIPs/FKSs6/PWmoETwP3P6vRMmsqi568flBR+eMQXFdTCm59P7R+/1X0hqGzbl4oiSRX/Vg1ULNUzQtAorquZhgcH44+g+xKv+ux4hx9ZdgDfWGcailEhL64NAh7fxv0otCa0PFy3/9hcTdH7Tl59JV9omn+vS0g9GZawOQwu0R+0di4yKgEyK68sOByqzZ+R1EsbR7IJ1 x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: M+ZLf1F5pO+H8uklQBl7UfLVchaK0HzpuwaPnMCrEqMFYYrdTsxWGADXAFiYpOzYiQ93vY72JtmamUisNT14H20QS5i+p9CcZTGesxSfUHyIkloA+rv7t7mkOaNYboXkl0rjCm3YrptNGY9/MFZ6tA== x-ms-exchange-transport-forked: True MIME-Version: 1.0 X-OriginatorOrg: sct-15-20-3174-20-msonline-outlook-529c7.templateTenant X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: MN2PR04MB5981.namprd04.prod.outlook.com X-MS-Exchange-CrossTenant-RMS-PersistedConsumerOrg: 00000000-0000-0000-0000-000000000000 X-MS-Exchange-CrossTenant-Network-Message-Id: 576c5268-2fed-479e-01ab-08d959faae7c X-MS-Exchange-CrossTenant-originalarrivaltime: 07 Aug 2021 23:25:45.2884 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa X-MS-Exchange-CrossTenant-rms-persistedconsumerorg: 00000000-0000-0000-0000-000000000000 X-MS-Exchange-Transport-CrossTenantHeadersStamped: MN2PR04MB5712 Subject: [FFmpeg-devel] [PATCH] libavformat/asfdec: Fix regression bug when reading image attachments X-BeenThere: ffmpeg-devel@ffmpeg.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: FFmpeg development discussions and patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: FFmpeg development discussions and patches Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" X-TUID: kipeIvAUPE39 Commit c8140fe7324f264faacf7395b27e12531d1f13f7 had introduced a check for value_len > UINT16_MAX. As a consequence, attached images of sizes larger than UINT16_MAX could no longer be read. Signed-off-by: softworkz --- libavformat/asfdec_f.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/libavformat/asfdec_f.c b/libavformat/asfdec_f.c index f784e62996..708331637e 100644 --- a/libavformat/asfdec_f.c +++ b/libavformat/asfdec_f.c @@ -707,7 +707,8 @@ static int asf_read_metadata(AVFormatContext *s, int64_t size) { AVIOContext *pb = s->pb; ASFContext *asf = s->priv_data; - int n, stream_num, name_len_utf16, name_len_utf8, value_len; + int n, stream_num, name_len_utf16, name_len_utf8; + unsigned int value_len; int ret, i; n = avio_rl16(pb); @@ -721,7 +722,7 @@ static int asf_read_metadata(AVFormatContext *s, int64_t size) value_type = avio_rl16(pb); /* value_type */ value_len = avio_rl32(pb); - if (value_len < 0 || value_len > UINT16_MAX) + if (value_len > INT32_MAX) return AVERROR_INVALIDDATA; name_len_utf8 = 2*name_len_utf16 + 1; @@ -743,7 +744,7 @@ static int asf_read_metadata(AVFormatContext *s, int64_t size) if(stream_num < 128) asf->dar[stream_num].den = aspect_y; } else { - get_tag(s, name, value_type, value_len, 16); + get_tag(s, name, value_type, (int)value_len, 16); } av_freep(&name); }