From patchwork Sat May 7 06:29:13 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Andreas Rheinhardt X-Patchwork-Id: 35623 Delivered-To: ffmpegpatchwork2@gmail.com Received: by 2002:a05:6a20:a885:b0:7f:4be2:bd17 with SMTP id ca5csp2036055pzb; Fri, 6 May 2022 23:29:34 -0700 (PDT) X-Google-Smtp-Source: ABdhPJwiFH3bRoqeMUZQ7NYv8Q15UbAbtSXlSCIMGWZtAQHcp5x9f4vdE7OwxQjgFK8MRNqvhEXS X-Received: by 2002:a17:907:a40c:b0:6f4:59cc:ae8b with SMTP id sg12-20020a170907a40c00b006f459ccae8bmr6467566ejc.522.1651904974617; Fri, 06 May 2022 23:29:34 -0700 (PDT) Return-Path: Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org. [79.124.17.100]) by mx.google.com with ESMTP id gj17-20020a170906e11100b006f4cbc8d876si5886810ejb.568.2022.05.06.23.29.34; Fri, 06 May 2022 23:29:34 -0700 (PDT) Received-SPF: pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) client-ip=79.124.17.100; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@outlook.com header.s=selector1 header.b=mq+w2wjy; arc=fail (body hash mismatch); spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org; dmarc=fail (p=NONE sp=QUARANTINE dis=NONE) header.from=outlook.com Received: from [127.0.1.1] (localhost [127.0.0.1]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id 9406668B310; Sat, 7 May 2022 09:29:31 +0300 (EEST) X-Original-To: ffmpeg-devel@ffmpeg.org Delivered-To: ffmpeg-devel@ffmpeg.org Received: from EUR01-HE1-obe.outbound.protection.outlook.com (mail-oln040092065063.outbound.protection.outlook.com [40.92.65.63]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id F117168AFED for ; Sat, 7 May 2022 09:29:24 +0300 (EEST) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=UT+xZQcZkkwajFmW+/5ZO37Ubnd/nFJDua7ndfD+0hXS+35WTHinBE8R/Ib5ACPbzSvKvDtNeYsbFmFb9FOCrNNMd5gp4wDEhaUZCqDLtPg7tvu90/y/gVN53hnJQ6utK3TeNinyS1I6J4qifWAgFPzAA0KVfv3ivNZHylX+IHC8RFKIC2FxcUqYjWRPYnBddmN/26VDwyVHj5gKKDDeeWY4XzKRoR1Jj/PMdTiGpPLviIYnd0m8fxz8t49+bPG9yJxdU1frMRnywbEQN/nzkC3uv+Dd+kED0Y4BuQKU5AsOtUwzeozELVygpifdMMj2QJQwE9HGiGNEMTwFJSrjNA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=8+QSL1PHBwXTo/HRDDeD4eLnWsPfZchFi74msK5fDOw=; b=AJhTOjEAHYGXeVlB3vC9dvXElRziMTpusEmS1qkgVykdYWUuzD8Y5VN9ng6NukVLxjAHPgoGkVk83hZG61veKdLrv+okRcdRZunwhobPn93fb0krN3ZvNSUUJQV55hYLbkoSjGjs8Ftf80dSSuWSy0GPgcUI3vk/WL/jkwEwQNlfMGgEw4EV1nxIDjE7pMzTHbHC+cPs5OvXwHby46EURzyD0PBO3D3K3iN67+zjHo1xMoG0xG9Ilrh9bX4+pDITYTmDqUpgRHIje/Dy1ho/wtTH1YoZukG/e5zq4nTjGgpOBoJzBixMhMVerA28E1+zfpIxTiZ6t088jB3mpDevnA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none; dmarc=none; dkim=none; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=outlook.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=8+QSL1PHBwXTo/HRDDeD4eLnWsPfZchFi74msK5fDOw=; b=mq+w2wjyg09avQVhWxFUnMqtYTI3y/17AOstV16tl8QmvHsKEp3qHx4aU25QKT2b2twuUrAFD8TZ885rMfiC92Ti22j+XfYlGxXph+WHg7Ejgkeb4eQ3WDc2xk+zZCUh6/z4zSbP2JIwmyl+iLb5LPjIAjz7p9jDDA0jZj029TKrkYRePPog4iiT4bC3Z+cg3xboMeOZQDGanxFAI21NSNQZnTyagmGkgPH2Y1ZdomaddZCOg5ssVuecASxRujkLlmxLYG2qXfob7ILY+T0YBnclHjSo2V2qE41plOvR3wIXe+3+H5z7CDh9hRC93EMjKFibHt7DGfGvtDTthKxtpQ== Received: from AS8PR01MB7944.eurprd01.prod.exchangelabs.com (2603:10a6:20b:373::5) by AM6PR01MB5640.eurprd01.prod.exchangelabs.com (2603:10a6:20b:f7::13) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5206.24; Sat, 7 May 2022 06:29:22 +0000 Received: from AS8PR01MB7944.eurprd01.prod.exchangelabs.com ([fe80::1854:2c30:7ba1:c431]) by AS8PR01MB7944.eurprd01.prod.exchangelabs.com ([fe80::1854:2c30:7ba1:c431%6]) with mapi id 15.20.5206.024; Sat, 7 May 2022 06:29:22 +0000 From: Andreas Rheinhardt To: ffmpeg-devel@ffmpeg.org Date: Sat, 7 May 2022 08:29:13 +0200 Message-ID: X-Mailer: git-send-email 2.32.0 X-TMN: [wlg3DpC4iS6V6dez6RwE+H/tdw37NW1j] X-ClientProxiedBy: ZR0P278CA0150.CHEP278.PROD.OUTLOOK.COM (2603:10a6:910:41::14) To AS8PR01MB7944.eurprd01.prod.exchangelabs.com (2603:10a6:20b:373::5) X-Microsoft-Original-Message-ID: <20220507062913.225538-1-andreas.rheinhardt@outlook.com> MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: 6f1e2874-98eb-435d-82a4-08da2ff2ec82 X-MS-Exchange-SLBlob-MailProps: ZTmCor6bjd/+zt0aLgYyM2BWdczlo/8sqNHi3vzQQmwGMOm5u5ZOXh+zTyJ9mFQa3c6mNaZvLXNYJdxmy9pE72TgNAQahsHGqk/ZYIQAYbYjqOCK7StGIFdm7yEyQGqcW/56W6qcqUMu4ozxLdRcVZ3PsbYEP3auRh0v/mrUAuF2LA90Z3/a1QfqTEvuxi1BM0/bMUtiXI1dtgfTELk0omgVoR5+447QUl7w8RSe2sT102p9nwkB2WH5tZfBdmumhl2WOZVJ9wAmjnaCsEIKfZBOc6J2vbkjbD+Hsc4DLp0f1JAck3kRp8Iw8f4GUB35aMYprror28lC+C+a0OwgHdBjNC+GbD74lSlmwG/z/FCbvwA5W5S/ujqDU9nJLx/TA0Dw4yx2I75Fq42tVlF4zkUJHmZytXQeVKhqT/8kNSA5nc6YY82wBKlqPx6LAx6eaFbtAMrNt4kbaa6bE3plsP+ZRw798Kn/+/YQV4eT1dIeu+1w4ZR2NoK8JVSrnap4Qgc/ntzurD8pkBAsE8Fzz1S8W+IKXAAIoxqcorxkCU6uWqZw5iXsOFwpi9t73joc6kHxlX9LQePzJlDD2KueusHHQp+NsSt2eJVU/cgfTu7LTDPJOpmI1RDVribIe/V0Fd4xro3baj1M+mEwCufXgg2yqzRpmKDa4yO2NMZuf3BEyNsGLyg1ZQt2J8qYZKmHYaGidrsuO4nS4W4kdVWaWuNtCMkiLd03ExNuZkvlhvXpDkDPZWC4HQ6kggxaVeXEdk9vxZUGVLTp/iQEkQyKlz2T7FbArb484uDkM0pFVNaom4w6lv4W98PzG90RetWO X-MS-TrafficTypeDiagnostic: AM6PR01MB5640:EE_ X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: eaH8DcpbqOeOlLkG6HM+ObfvyKHsteU7GVYvLz4jv6T1YczurF26Iq7KmMyA85WuWezjjnOsKeE+J2phUAanPHMX/U6H7Ib3UFNPTAfnFHdXJBnlxtKatodukdqIMvEaziTg5oH8CJKpk7MsAfCqFWxCrF6d5nwMkgNSdrxt3j9C5Dd51VjWOhM/nlGQlJFiI+PpATyIP9mGaf+5nL5QnU7vRojDtwsbS0UQTMgB1HeUtUPr7Y1AGGuEGG6MOtcV55cjRgHMNrq6ERtlFhpgG81812VyI4EgdqyobqwfVlBNBvoV/GPbz7KMyzE3KkpDHONWyQSqwFem8jiOh2Lc2lErwxds5d+pYuAYX0CV+72O1NTxEGCa99Yyd21dC/lR0W05+OaMS5fqG5qrAXI0pKSx/MPZHqatH1MjamUeD6pCQRxWLiF1W3qfh58OJ9pA26wfJHnUxixWTbC/4L11ZHY/N0WECEds2cVkqDrGUIPxKey3W4BZpoX1DNNi1FB0NR4+qKi02S9/yvOhtxXtHEHjFAJ/NFK1tz+eQDzCUQMW1EQ6Jv3t+/oavy9oetVMpBbym0Up+bb5xXdPXu25SlX90/LMWwECfp4lNoA/nN/4xHld8Ge6wVLx/RMn83yuhrp7Mydylp8wm7/W26VaSeUgZOhxidfEsw7vVDZ0y1MMoTVGAg2bT7jjuZXYkf9R X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?utf-8?q?9eL/7qnoh9iyZYX2MA4X1medN27K?= =?utf-8?q?TGq6C2OWEvMQWo8nXjlDd/A0w/Z08b0tvJhniKuHUvKe2Lk2iSze7r5KacWkWCnBp?= =?utf-8?q?qWvMITcA82ti1Cc07GZfqYX+5gnTw247onP5oXWojvPSQJttiuocOYkfYj/a9cNKA?= =?utf-8?q?MBJ5T66DXPHSf+7f5Jd4SQSyeGojlkj72s04QJtbSbTBuL2YIItCAt+4r5A1AH/VR?= =?utf-8?q?MYrUgsGjhh4ooQzm3Ws6W4K9hECuT4ySFjeaqnwYiWpzNFQTd78ulhqjBGJ06oZNY?= =?utf-8?q?iHS8/Lcyp6urI1lcvvpaux92mzgEz9N3iVXAUUxigi0Ooh+/kB2/56/yZjp1YZLfh?= =?utf-8?q?Jc+VY+ESgNNN4RLolJeELi2W//gnvdRH4hgLK/lqmuMqU2Pqau1B4yYfeZlPP/oV+?= =?utf-8?q?vzLxLGrfHI/PAFw6l60m4QT81XPqV1WQVdSUyMOUYn1Q4OxqJ9w1eZ4noHlEgdGVQ?= =?utf-8?q?PbCzV+znjAzDyIZ+bdf9zjWiwQXmbY0vbjI/ruAN9gFejRBdklo4LeAtBtwrv454p?= =?utf-8?q?QbUEXbQ0bp28wsc25oPW7o00adgEYNUZVsayB0M49LYi2Qa/8+pr0edEmVjVddRc1?= =?utf-8?q?Gbsvk6tkUtbndB6VvNw3tPcbfyz2e06Hh6nWFslZOnjN22/usiJdimraQVxBnGOY9?= =?utf-8?q?F/7NLe9nXxPSIcABSH8fW6kVqiwwcRj1W94OsnEao5kgmFiek8VxM+VtIBZSluuTf?= =?utf-8?q?6dKpxbyaakKVD4ta0KT45sqgfldUl6ssm2YePenFWpzgzUkWxM+uDNYzNXQvP+5Ik?= =?utf-8?q?bWIKVgRJw4+rBJXISvvw5T+UTt2fJYLvsP5470NpWZd+Bu3WxFHsZ8PelLZhlZnfK?= =?utf-8?q?6cIFuIvIuhrEWf+skwsKZ6seo75On8obExD4kCkQ20Fh0/3U447S9KPTbNTgT8UnC?= =?utf-8?q?3NTULBzSj9ahPtpARRbzMQKhoXsgw0jYyR5U32BjunQfZNE3PTSUdYwuG7TSXm6GA?= =?utf-8?q?I+jLHSWDE0FidOKyHcj/Lbuc7ZVyitlAfOypZM8dev3ZIhjgPMJKAhJ+aTb6mZB17?= =?utf-8?q?T7NlfPoYdtAPS5S9/6ETjO6RRZ1Gm2+Rh9kc6drY/VpJce+qOmbRI4tOozzDlPKNH?= =?utf-8?q?wH6n1AmtgrErespNI5/x8LPBjvugsqHB91Q0oZVuRonOfIJ8eD2J3PyfD6JIbUc7+?= =?utf-8?q?tSiz3/Bei/uLKOxcosTbFxrVktf1APuZpEjqcXgGn+Nm9JXBvvZv7x/BVb9uR4k0H?= =?utf-8?q?Gy6Si7iZrdmCy+yUpdPWQav8NAAumycxLaJe33hHZcbyHdP0nmdBI7tRR4wIfjsjF?= =?utf-8?q?apGWdMdrP6oh5FN4HHHc4Toq7uO6V3e7TMYYCRWth6c0yaEkGvehs1OwbeRMMCPkR?= =?utf-8?q?E7AMGYIxa9iaRbUOyNbpR+2bCVgstXPvxlDENtbSk3rb58h4yzAvVgcLjgmBS6VPe?= =?utf-8?q?ePrjqAQpnEL+1hfsRw/7dRzTq90fOwL2/thg=3D=3D?= X-OriginatorOrg: outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: 6f1e2874-98eb-435d-82a4-08da2ff2ec82 X-MS-Exchange-CrossTenant-AuthSource: AS8PR01MB7944.eurprd01.prod.exchangelabs.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 07 May 2022 06:29:22.6818 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa X-MS-Exchange-CrossTenant-RMS-PersistedConsumerOrg: 00000000-0000-0000-0000-000000000000 X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM6PR01MB5640 Subject: [FFmpeg-devel] [PATCH] avformat/dhav: Don't truncate return value of avio_skip() X-BeenThere: ffmpeg-devel@ffmpeg.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: FFmpeg development discussions and patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: FFmpeg development discussions and patches Cc: Andreas Rheinhardt Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" X-TUID: joAMbS1J/btU Fixes demuxing files bigger than INT_MAX. Reported-by: jenster Signed-off-by: Andreas Rheinhardt --- This has just been reported by jenster on IRC: I found a bug in libavformat/dhav.c where it fails to demux files > INT_MAX. It's basically assigning the result of avio_skip (which returns an int64_t file offset) to an int in two places which it then checks if it's less than 0 and when the file is bigger than INT_MAX it overflows and becomes negative and errors out (this seems like something that static analysis should find). It's a two line fix (basically just change two ints to int64_t) https://pastebin.com/iUGe9cza (licensed CC0). Would anyone be able to  submit this change or fix it their own way? I don't care about credit and I really don't want to bother with the whole patch submission process for this trivial change. libavformat/dhav.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/libavformat/dhav.c b/libavformat/dhav.c index 60aab8cabd..9d26efe8fc 100644 --- a/libavformat/dhav.c +++ b/libavformat/dhav.c @@ -78,10 +78,11 @@ static const uint32_t sample_rates[] = { static int parse_ext(AVFormatContext *s, int length) { DHAVContext *dhav = s->priv_data; - int index, ret = 0; + int64_t ret = 0; while (length > 0) { int type = avio_r8(s->pb); + int index; switch (type) { case 0x80: @@ -168,8 +169,7 @@ static int read_chunk(AVFormatContext *s) { DHAVContext *dhav = s->priv_data; int frame_length, ext_length; - int64_t start, end; - int ret; + int64_t start, end, ret; if (avio_feof(s->pb)) return AVERROR_EOF;