From patchwork Mon Dec 6 12:21:42 2021
X-Patchwork-Submitter: Yy
X-Patchwork-Id: 32060
From: Yu Yang
To: ffmpeg-devel@ffmpeg.org
Date: Mon, 6 Dec 2021 20:21:42 +0800
Message-Id: <20211206122142.84235-1-young_chelsea@163.com>
Subject: [FFmpeg-devel] [PATCH] libswresample/swresamplec: Err num(negative-size) was used as a function parameter
Cc: TOTE Robot, Yu Yang

If memory cannot be allocated, ERROR(ENOMEM) '-12' as a parameter will constantly be returned. When resample() is run first, the negative size param would cause a buffer overflow and SEGV in swri_rematrix(). When swri_rematrix() is run first, resample() would not cause an error, but the Err num is passed on as a wrong parameter. The Err num should be returned immediately. Also remove the assert to ensure the return of the error code.

coredump info:
#0 0x499517 in posix_memalign (/home/r1/ffmpeg/ffmpeg_4.4.1+0x499517)
#1 0x6c1f0b4 in av_malloc /home/r1/ffmpeg/ffmpeg-4.4.1/build/src/libavutil/mem.c:86:9
#2 0x6c208fe in av_mallocz /home/r1/ffmpeg/ffmpeg-4.4.1/build/src/libavutil/mem.c:239:17
#3 0x6c207ad in av_mallocz_array /home/r1/ffmpeg/ffmpeg-4.4.1/build/src/libavutil/mem.c:195:12
#4 0x654b2e5 in swri_realloc_audio /home/r1/ffmpeg/ffmpeg-4.4.1/build/src/libswresample/swresample.c:418:14
#5 0x654f9a1 in swr_convert_internal /home/r1/ffmpeg/ffmpeg-4.4.1/build/src/libswresample/swresample.c:601:17
#6 0x654d2c0 in swr_convert /home/r1/ffmpeg/ffmpeg-4.4.1/build/src/libswresample/swresample.c:766:19
#7 0x186cf56 in flush_frame /home/r1/ffmpeg/ffmpeg-4.4.1/build/src/libavfilter/af_aresample.c:251:13
#8 0x186a454 in request_frame /home/r1/ffmpeg/ffmpeg-4.4.1/build/src/libavfilter/af_aresample.c:288:20
#9 0x787d9c in ff_request_frame_to_filter /home/r1/ffmpeg/ffmpeg-4.4.1/build/src/libavfilter/avfilter.c:459:15
#10 0x7877f1 in forward_status_change /home/r1/ffmpeg/ffmpeg-4.4.1/build/src/libavfilter/avfilter.c:1257:19
#11 0x77ed7e in ff_filter_activate_default /home/r1/ffmpeg/ffmpeg-4.4.1/build/src/libavfilter/avfilter.c:1288:20
#12 0x77e4e1 in ff_filter_activate /home/r1/ffmpeg/ffmpeg-4.4.1/build/src/libavfilter/avfilter.c:1441:11
#13 0x793b3f in ff_filter_graph_run_once /home/r1/ffmpeg/ffmpeg-4.4.1/build/src/libavfilter/avfiltergraph.c:1403:12
#14 0x7a7bee in get_frame_internal /home/r1/ffmpeg/ffmpeg-4.4.1/build/src/libavfilter/buffersink.c:131:19
#15 0x7a7287 in av_buffersink_get_frame_flags /home/r1/ffmpeg/ffmpeg-4.4.1/build/src/libavfilter/buffersink.c:142:12
#16 0x792888 in avfilter_graph_request_oldest /home/r1/ffmpeg/ffmpeg-4.4.1/build/src/libavfilter/avfiltergraph.c:1356:17
#17 0x5d07df in transcode_from_filter /home/r1/ffmpeg/ffmpeg-4.4.1/build/src/fftools/ffmpeg.c:4639:11
#18 0x59e557 in transcode_step /home/r1/ffmpeg/ffmpeg-4.4.1/build/src/fftools/ffmpeg.c:4729:20
#19 0x593970 in transcode
/home/r1/ffmpeg/ffmpeg-4.4.1/build/src/fftools/ffmpeg.c:4805:15 #20 0x58f7a4 in main /home/r1/ffmpeg/ffmpeg-4.4.1/build/src/fftools/ffmpeg.c:5010:9 #21 0x7f6fd2dee0b2 in __libc_start_main /build/glibc-eX1tMB/glibc-2.31/csu/../csu/libc-start.c:308:16 SUMMARY: AddressSanitizer: negative-size-param (/home/r1/ffmpeg/ffmpeg_4.4.1+0x497e67) in __asan_memcpy Reported-by: TOTE Robot Signed-off-by: Yu Yang --- libswresample/swresample.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/libswresample/swresample.c b/libswresample/swresample.c index c03fe5528f..92ab6a9148 100644 --- a/libswresample/swresample.c +++ b/libswresample/swresample.c @@ -644,6 +644,8 @@ static int swr_convert_internal(struct SwrContext *s, AudioData *out, int out_co if(s->resample_first){ if(postin != midbuf) out_count= resample(s, midbuf, out_count, postin, in_count); + if (out_count < 0) + return out_count; if(midbuf != preout) swri_rematrix(s, preout, midbuf, out_count, preout==out); }else{ @@ -651,6 +653,8 @@ static int swr_convert_internal(struct SwrContext *s, AudioData *out, int out_co swri_rematrix(s, midbuf, postin, in_count, midbuf==out); if(midbuf != preout) out_count= resample(s, preout, out_count, midbuf, in_count); + if (out_count < 0) + return out_count; } if(preout != out && out_count){ @@ -769,7 +773,7 @@ int attribute_align_arg swr_convert(struct SwrContext *s, if(ret>0 && !s->drop_output) s->outpts += ret * (int64_t)s->in_sample_rate; - av_assert2(max_output < 0 || ret < 0 || ret <= max_output); + av_assert2(max_output < 0 || ret <= max_output); return ret; }else{
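
Review bot: In the first hunk (the `s->resample_first` branch of swr_convert_internal()), the new `if (out_count < 0)` test sits after the `if(postin != midbuf)` statement rather than inside it, so when resample() is skipped it tests the caller-supplied out_count instead of a resample() result. Bracing the call and the check together under `if(postin != midbuf){ ... }` would make the intent explicit, and writing it as `if(out_count < 0)` would match the spacing of the surrounding lines. The position before swri_rematrix() is the right one, since that call receives out_count as its length argument.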
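
Review bot: In the second hunk (the else branch), the early return lacks a comment saying which later use it protects. The line that would otherwise consume a negative out_count is the context line `if(preout != out && out_count){`, which treats any non-zero value, including a negative error code, as true. A one-line comment stating that resample() can return a negative error code, or a stricter `out_count > 0` in that condition, would document the failure path. As in the first hunk, the check is outside `if(midbuf != preout)` and could be braced together with the resample() call.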
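
Review bot: In the swr_convert() hunk, dropping `ret < 0 ||` from the av_assert2() does not change what the assertion accepts, assuming ret and max_output are signed integers as the `< 0` tests suggest. Whenever `max_output < 0` is false, max_output is at least 0, so any negative ret already satisfies `ret <= max_output`. The old and new conditions are therefore equivalent, and the edit has no effect on whether the error code reaches `return ret;`. The commit message also says the assert is removed, while the hunk only rewrites it. Either drop this hunk from the patch or reword the message to describe it as a simplification of a redundant term.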