From patchwork Sat May 14 20:55:13 2022
X-Patchwork-Submitter: Aman Karmani
X-Patchwork-Id: 35767
From: softworkz
Message-Id: <60966b79077e80d51c6ec77c3543e89dc148aed0.1652561722.git.ffmpegagent@gmail.com>
Date: Sat, 14 May 2022 20:55:13 +0000
To: ffmpeg-devel@ffmpeg.org
Cc: Michael Niedermayer, softworkz
Subject: [FFmpeg-devel] [PATCH v4 01/10] libavformat/asf: fix handling of byte array length values

From: softworkz The spec allows attachment sizes of up to UINT32_MAX while we can handle only sizes up to INT32_MAX (in downstream code) The debug.assert in get_tag didn't really address this, and truncating the value_len in calling methods cannot be used because the length value is required in order to continue parsing. This adds a check with log message in ff_asf_handle_byte_array to handle those (rare) cases. Signed-off-by: softworkz --- libavformat/asf.c | 8 +++++++- libavformat/asf.h | 2 +- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/libavformat/asf.c b/libavformat/asf.c index 1285062220..bec7db0c7e 100644 --- a/libavformat/asf.c +++ b/libavformat/asf.c @@ -139,12 +139,18 @@ static int get_id3_tag(AVFormatContext *s, int len) } int ff_asf_handle_byte_array(AVFormatContext *s, const char *name, - int val_len) + uint32_t val_len) { + if (val_len > INT32_MAX) { + av_log(s, AV_LOG_VERBOSE, "Unable to handle byte arrays > INT32_MAX in tag %s.\n", name); + return 1; + } + if (!strcmp(name, "WM/Picture")) // handle cover art return asf_read_picture(s, val_len); else if (!strcmp(name, "ID3")) // handle ID3 tag return get_id3_tag(s, val_len); + av_log(s, AV_LOG_DEBUG, "Unsupported byte array in tag %s.\n", name); return 1; } diff --git a/libavformat/asf.h b/libavformat/asf.h index 01cc4f7a46..4d28560f56 100644 --- a/libavformat/asf.h +++ b/libavformat/asf.h 
@@ -111,7 +111,7 @@ extern const AVMetadataConv ff_asf_metadata_conv[]; * is unsupported by this function and 0 otherwise. */ int ff_asf_handle_byte_array(AVFormatContext *s, const char *name, - int val_len); + uint32_t val_len); #define ASF_PACKET_FLAG_ERROR_CORRECTION_PRESENT 0x80 //1000 0000
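
Review bot: In the asf.c hunk the new oversize branch returns 1, the same value as the fall-through for an unknown tag name, while the asf.h comment ("is unsupported by this function and 0 otherwise") is left as it was, so the header does not tell callers that a supported tag such as WM/Picture is now also reported as unsupported when val_len exceeds INT32_MAX. Please extend that comment to cover the size limit. The callee visible in the hunk header, get_id3_tag(AVFormatContext *s, int len), takes a plain int, so comparing against INT_MAX would match the type the value is converted to. The second av_log is emitted at AV_LOG_DEBUG while the size message uses AV_LOG_VERBOSE; if the difference is intended, a word in the commit message would help.
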
From: softworkz
Message-Id: <5acab7b52b7f6e83023cb023ce9b616515d3ed4c.1652561722.git.ffmpegagent@gmail.com>
Date: Sat, 14 May 2022 20:55:14 +0000
To: ffmpeg-devel@ffmpeg.org
Cc: Michael Niedermayer, softworkz
Subject: [FFmpeg-devel] [PATCH v4 02/10] libavformat/asfdec: fix get_value return type and add checks for

From: softworkz unsupported values get_value had a return type of int, which means that reading QWORDS (case 4) was broken due to truncation of the result from avio_rl64(). Signed-off-by: softworkz --- libavformat/asfdec_f.c | 57 +++++++++++++++++++++++++++++++----------- 1 file changed, 43 insertions(+), 14 deletions(-) diff --git a/libavformat/asfdec_f.c b/libavformat/asfdec_f.c index 4770a812db..c7c4ba55d6 100644 --- a/libavformat/asfdec_f.c +++ b/libavformat/asfdec_f.c @@ -203,7 +203,7 @@ static int asf_probe(const AVProbeData *pd) /* size of type 2 (BOOL) is 32bit for "Extended Content Description Object" * but 16 bit for "Metadata Object" and "Metadata Library Object" */ -static int get_value(AVIOContext *pb, int type, int type2_size) +static uint64_t get_value(AVIOContext *pb, int type, int type2_size) { switch (type) { case ASF_BOOL: @@ -549,6 +549,8 @@ static int asf_read_ext_content_desc(AVFormatContext *s) { AVIOContext *pb = s->pb; ASFContext *asf = s->priv_data; + uint64_t dar_num = 0; + uint64_t dar_den = 0; int desc_count, i, ret; desc_count = avio_rl16(pb); 
@@ -568,14 +570,27 @@ static int asf_read_ext_content_desc(AVFormatContext *s) /* My sample has that stream set to 0 maybe that mean the container. * ASF stream count starts at 1. I am using 0 to the container value * since it's unused. */ - if (!strcmp(name, "AspectRatioX")) - asf->dar[0].num = get_value(s->pb, value_type, 32); - else if (!strcmp(name, "AspectRatioY")) - asf->dar[0].den = get_value(s->pb, value_type, 32); + if (!strcmp(name, "AspectRatioX")) { + dar_num = get_value(s->pb, value_type, 32); + if (dar_num > INT64_MAX) { + av_log(s, AV_LOG_DEBUG, "Unsupported AspectRatioX value: %"PRIu64"\n", dar_num); + return AVERROR(ENOTSUP); + } + } + else if (!strcmp(name, "AspectRatioY")) { + dar_den = get_value(s->pb, value_type, 32); + if (dar_den > INT64_MAX) { + av_log(s, AV_LOG_DEBUG, "Unsupported AspectRatioY value: %"PRIu64"\n", dar_den); + return AVERROR(ENOTSUP); + } + } else get_tag(s, name, value_type, value_len, 32); } + if (dar_num && dar_den) + av_reduce(&asf->dar[0].num, &asf->dar[0].den, dar_num, dar_den, INT_MAX); + return 0; } @@ -603,6 +618,8 @@ static int asf_read_metadata(AVFormatContext *s) { AVIOContext *pb = s->pb; ASFContext *asf = s->priv_data; + uint64_t dar_num[128] = {0}; + uint64_t dar_den[128] = {0}; int n, stream_num, name_len_utf16, name_len_utf8, value_len; int ret, i; n = avio_rl16(pb); 
@@ -630,17 +647,29 @@ static int asf_read_metadata(AVFormatContext *s) av_log(s, AV_LOG_TRACE, "%d stream %d name_len %2d type %d len %4d <%s>\n", i, stream_num, name_len_utf16, value_type, value_len, name); - if (!strcmp(name, "AspectRatioX")){ - int aspect_x = get_value(s->pb, value_type, 16); - if(stream_num < 128) - asf->dar[stream_num].num = aspect_x; - } else if(!strcmp(name, "AspectRatioY")){ - int aspect_y = get_value(s->pb, value_type, 16); - if(stream_num < 128) - asf->dar[stream_num].den = aspect_y; - } else { + if (!strcmp(name, "AspectRatioX") && stream_num < 128) { + dar_num[stream_num] = get_value(s->pb, value_type, 16); + if (dar_num[stream_num] > INT64_MAX) { + av_log(s, AV_LOG_DEBUG, "Unsupported AspectRatioX value: %"PRIu64"\n", dar_num[stream_num]); + return AVERROR(ENOTSUP); + } + } + else if (!strcmp(name, "AspectRatioY") && stream_num < 128) { + dar_den[stream_num] = get_value(s->pb, value_type, 16); + if (dar_den[stream_num] > INT64_MAX) { + av_log(s, AV_LOG_DEBUG, "Unsupported AspectRatioY value: %"PRIu64"\n", dar_den[stream_num]); + return AVERROR(ENOTSUP); + } + } else get_tag(s, name, value_type, value_len, 16); + + + if (stream_num < 128 && dar_num[stream_num] && dar_den[stream_num]) { + av_reduce(&asf->dar[stream_num].num, &asf->dar[stream_num].den, dar_num[stream_num], dar_den[stream_num], INT_MAX); + dar_num[stream_num] = 0; + dar_den[stream_num] = 0; } + av_freep(&name); }
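
Review bot: In the asf_read_ext_content_desc hunk, an AspectRatioX or AspectRatioY value above INT64_MAX now makes the function return AVERROR(ENOTSUP), so one out-of-range optional metadata field fails the whole object read where the old code carried on, and the reason is logged only at AV_LOG_DEBUG. Consider ignoring the value (leave dar_num or dar_den at 0 so the av_reduce call is skipped) and continuing with the next descriptor, or raise the log level so the failure is explained at default verbosity.
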
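
Review bot: In the asf_read_metadata hunk, both new "return AVERROR(ENOTSUP);" statements leave the loop before the av_freep(&name) at the end of the iteration, so name is leaked on that path. Free it before returning, or set ret and jump to a common cleanup. The moved "stream_num < 128" test also changes behaviour for larger stream numbers: AspectRatioX and AspectRatioY entries with stream_num >= 128 used to be read with get_value and dropped, and now fall through to get_tag; if that is intended it should be mentioned in the commit message.
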
From: softworkz
Message-Id: <97e0d765c98243e35d167bae0870b2c07fd613aa.1652561722.git.ffmpegagent@gmail.com>
Date: Sat, 14 May 2022 20:55:15 +0000
To: ffmpeg-devel@ffmpeg.org
Cc: Michael Niedermayer, softworkz
Subject: [FFmpeg-devel] [PATCH v4 03/10] libavformat/asfdec: fix type of value_len

From: softworkz The value_len is an uint32 not an int32 per spec. That value must not be truncated, neither by casting to int, nor by any conditional checks, because at the end of get_tag, this value is needed to move forward in parsing. When the len value gets modified, the parsing may break. 
Signed-off-by: softworkz --- libavformat/asfdec_f.c | 24 +++++++++++------------- 1 file changed, 11 insertions(+), 13 deletions(-) diff --git a/libavformat/asfdec_f.c b/libavformat/asfdec_f.c index c7c4ba55d6..eda7175c96 100644 --- a/libavformat/asfdec_f.c +++ b/libavformat/asfdec_f.c @@ -219,7 +219,7 @@ static uint64_t get_value(AVIOContext *pb, int type, int type2_size) } } -static void get_tag(AVFormatContext *s, const char *key, int type, int len, int type2_size) +static void get_tag(AVFormatContext *s, const char *key, int type, uint32_t len, int type2_size) { ASFContext *asf = s->priv_data; char *value = NULL; @@ -529,7 +529,7 @@ static int asf_read_ext_stream_properties(AVFormatContext *s) static int asf_read_content_desc(AVFormatContext *s) { AVIOContext *pb = s->pb; - int len1, len2, len3, len4, len5; + uint32_t len1, len2, len3, len4, len5; len1 = avio_rl16(pb); len2 = avio_rl16(pb); 
@@ -620,25 +620,23 @@ static int asf_read_metadata(AVFormatContext *s) ASFContext *asf = s->priv_data; uint64_t dar_num[128] = {0}; uint64_t dar_den[128] = {0}; - int n, stream_num, name_len_utf16, name_len_utf8, value_len; + int n, name_len_utf8; + uint16_t stream_num, name_len_utf16, value_type; + uint32_t value_len; int ret, i; n = avio_rl16(pb); for (i = 0; i < n; i++) { uint8_t *name; - int value_type; avio_rl16(pb); // lang_list_index - stream_num = avio_rl16(pb); - name_len_utf16 = avio_rl16(pb); - value_type = avio_rl16(pb); /* value_type */ - value_len = avio_rl32(pb); + stream_num = (uint16_t)avio_rl16(pb); + name_len_utf16 = (uint16_t)avio_rl16(pb); + value_type = (uint16_t)avio_rl16(pb); /* value_type */ + value_len = avio_rl32(pb); - if (value_len < 0 || value_len > UINT16_MAX) - return AVERROR_INVALIDDATA; - - name_len_utf8 = 2*name_len_utf16 + 1; - name = av_malloc(name_len_utf8); + name_len_utf8 = 2 * name_len_utf16 + 1; + name = av_malloc(name_len_utf8); if (!name) return AVERROR(ENOMEM);
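
Review bot: The asf_read_metadata hunk removes the "value_len > UINT16_MAX" rejection, so with this patch alone any 32-bit length read from the file reaches get_tag, which at this point in the series still contains "av_assert0((unsigned)len < (INT_MAX - LEN) / 2)" (it is only removed in 04/10). At this commit an oversized value_len in the input therefore hits the assert instead of returning AVERROR_INVALIDDATA. Please keep each commit safe on its own, either by moving the removal of this check into 04/10 or by ordering the get_tag rework before this patch. The (uint16_t) casts on avio_rl16() add nothing now that the targets are declared uint16_t and can be dropped.
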
From: softworkz
Message-Id: <025123f72d9bbb2bbea7b063c7255cf6c77746a3.1652561722.git.ffmpegagent@gmail.com>
Date: Sat, 14 May 2022 20:55:16 +0000
To: ffmpeg-devel@ffmpeg.org
Cc: Michael Niedermayer, softworkz
Subject: [FFmpeg-devel] [PATCH v4 04/10] libavformat/asfdec: fixing get_tag

From: softworkz These three are closely related and can't be separated easily: In get_tag, the code was adding 22 bytes (in order to allow it to hold 64bit numbers as string) to the value len for creating a buffer. This was unnecessarily imposing a size-constraint on the value_len parameter. The code in get_tag, was limiting the maximum value_len to half the size of INT32. This was applied for all value types, even though it is required only in case of ASF_UNICODE, not for any other ones (like ASCII). get_tag was always allocating a buffer regardless of the datatype, even though this isn't required in case of ASF_BYTE_ARRAY. The check for the return value from ff_asf_handle_byte_array() being >0 is removed here because the log message is emitted by the function itself now. Signed-off-by: softworkz --- libavformat/asfdec_f.c | 54 +++++++++++++++++++++++++++++++----------- 1 file changed, 40 insertions(+), 14 deletions(-) diff --git a/libavformat/asfdec_f.c b/libavformat/asfdec_f.c index eda7175c96..cb7da2d679 100644 --- a/libavformat/asfdec_f.c +++ b/libavformat/asfdec_f.c 
@@ -222,37 +222,63 @@ static uint64_t get_value(AVIOContext *pb, int type, int type2_size) static void get_tag(AVFormatContext *s, const char *key, int type, uint32_t len, int type2_size) { ASFContext *asf = s->priv_data; - char *value = NULL; int64_t off = avio_tell(s->pb); -#define LEN 22 - - av_assert0((unsigned)len < (INT_MAX - LEN) / 2); + char *value = NULL; + uint64_t required_bufferlen; + int buffer_len; if (!asf->export_xmp && !strncmp(key, "xmp", 3)) goto finish; - value = av_malloc(2 * len + LEN); + switch (type) { + case ASF_UNICODE: + required_bufferlen = (uint64_t)len * 2 + 1; + break; + case -1: // ASCII + required_bufferlen = (uint64_t)len + 1; + break; + case ASF_BYTE_ARRAY: + ff_asf_handle_byte_array(s, key, len); + goto finish; + case ASF_BOOL: + case ASF_DWORD: + case ASF_QWORD: + case ASF_WORD: + required_bufferlen = 22; + break; + case ASF_GUID: + required_bufferlen = 33; + break; + default: + required_bufferlen = len; + break; + } + + if (required_bufferlen > INT32_MAX) { + av_log(s, AV_LOG_VERBOSE, "Unable to handle values > INT32_MAX in tag %s.\n", key); + goto finish; + } + + buffer_len = (int)required_bufferlen; + + value = av_malloc(buffer_len); if (!value) goto finish; switch (type) { case ASF_UNICODE: - avio_get_str16le(s->pb, len, value, 2 * len + 1); + avio_get_str16le(s->pb, len, value, buffer_len); break; - case -1: // ASCI - avio_read(s->pb, value, len); - value[len]=0; + case -1: // ASCII + avio_read(s->pb, value, buffer_len - 1); + value[buffer_len - 1] = 0; break; - case ASF_BYTE_ARRAY: - if (ff_asf_handle_byte_array(s, key, len) > 0) - av_log(s, AV_LOG_VERBOSE, "Unsupported byte array in tag %s.\n", key); - goto finish; case ASF_BOOL: case ASF_DWORD: case ASF_QWORD: case ASF_WORD: { uint64_t num = get_value(s->pb, type, type2_size); - snprintf(value, LEN, "%"PRIu64, num); + snprintf(value, buffer_len, "%"PRIu64, num); break; } case ASF_GUID: From patchwork Sat May 14 20:55:17 2022 Content-Type: text/plain; charset="utf-8" 
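Review bot: in the ASCII branch of the second switch, the result of avio_read(s->pb, value, buffer_len - 1) is not checked, and value comes from av_malloc(), which does not clear memory. On a short read, the bytes between what was actually read and value[buffer_len - 1] stay uninitialised and become part of the tag string. Check the return value and terminate the string at the number of bytes read, or go to finish on error. Two smaller points: the default case of the first switch still allocates len bytes for a type that the later switch only logs as unsupported, which is the kind of needless allocation the commit message sets out to remove, and with len == 0 it is a zero-byte allocation; and the bound is written as INT32_MAX while the value is then cast to int, so INT_MAX is the matching limit.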
MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Aman Karmani X-Patchwork-Id: 35771 Delivered-To: ffmpegpatchwork2@gmail.com
From: softworkz X-Google-Original-From: softworkz Message-Id: <2d01e4dff5f21e8357f3ce0e9f9878dd5536fec7.1652561722.git.ffmpegagent@gmail.com> In-Reply-To: References: Date: Sat, 14 May 2022 20:55:17 +0000 Fcc: Sent MIME-Version: 1.0 To: ffmpeg-devel@ffmpeg.org Subject: [FFmpeg-devel] [PATCH v4 05/10] libavformat/asfdec: implement parsing of GUID values X-BeenThere: ffmpeg-devel@ffmpeg.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: FFmpeg development discussions and patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: FFmpeg development discussions and patches Cc: Michael Niedermayer , softworkz Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" X-TUID: Wl1ew/3Dk7Gf From: softworkz 
Signed-off-by: softworkz --- libavformat/asfdec_f.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/libavformat/asfdec_f.c b/libavformat/asfdec_f.c index cb7da2d679..81a29f99d5 100644 --- a/libavformat/asfdec_f.c +++ b/libavformat/asfdec_f.c 
@@ -281,9 +281,12 @@ static void get_tag(AVFormatContext *s, const char *key, int type, uint32_t len, snprintf(value, buffer_len, "%"PRIu64, num); break; } - case ASF_GUID: - av_log(s, AV_LOG_DEBUG, "Unsupported GUID value in tag %s.\n", key); - goto finish; + case ASF_GUID: { + ff_asf_guid g; + ff_get_guid(s->pb, &g); + snprintf(value, buffer_len, "%x", g[0]); + break; + } default: av_log(s, AV_LOG_DEBUG, "Unsupported value type %d in tag %s.\n", type, key); From patchwork Sat May 14 20:55:18 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Aman Karmani X-Patchwork-Id: 35773 Delivered-To: ffmpegpatchwork2@gmail.com Received: by 2002:a05:6a20:a885:b0:7f:4be2:bd17 with SMTP id ca5csp876730pzb; Sat, 14 May 2022 13:56:45 -0700 (PDT) X-Google-Smtp-Source: ABdhPJw7qnbDcDHkXef7Xl8zhvqCKfhmrahbl9dxShzlacIy8BuCftwYkzQriOUWaghzyWBl1EC4 X-Received: by 2002:a17:907:d91:b0:6f4:c817:d492 with SMTP id go17-20020a1709070d9100b006f4c817d492mr9798215ejc.407.1652561805038; Sat, 14 May 2022 13:56:45 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1652561805; cv=none; d=google.com; s=arc-20160816; b=z0zctNKoclCDMVq9EoXXHTRHM3t42xoNYh1OpO05AmvWHGwqjb7w8F2bvL1PxaT29y jlr5FE8oPboNPMgO6Ap9NTFWFpcvYgicU+C8v+7GSnAyk4JnZ1APBKsviDgl7CxGZxcN YIlygcLxJkCAyxBvc2iFUIK41i9LFA7TNzQ3iuvyl1CVqRh2R1mrq0uVKTSPHY3j+v/u oHmSf9eAooptdlXIwp+iII4NmJrETLwoT6zZoRytSFbhKWiLTVIJJSR6qm1H/tAGBtkh YDUoRK4yK1Pv/ZBCrFivOpJucXeC0JB1H3hQzRAfjZ5b7YuCIC/f1JsSTQHxkA6OaeSb JE3g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:content-transfer-encoding:cc:reply-to :list-subscribe:list-help:list-post:list-archive:list-unsubscribe :list-id:precedence:subject:to:mime-version:fcc:date:references :in-reply-to:message-id:from:dkim-signature:delivered-to; bh=WuZ79bMdOgFtg+L6rXyH11ao2lGBv+oF9ZTv+L474Tc=; b=xhUFfJ+d9FeWOYhvSdp/gziRMIwJh4n16ZP25X+mDC3C+DEgH9vCvoUsSz3wki22C9 
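Review bot: in the new ASF_GUID case, snprintf(value, buffer_len, "%x", g[0]) formats only the first element of the GUID, so the tag value is one or two hex digits rather than the whole identifier. The previous patch in this series reserves 33 bytes for this type, which matches 32 hex digits plus the terminator, so a loop over every element of g with "%02x" looks like what was intended. The return value of ff_get_guid() is not checked either; a failed read should go to finish rather than produce a tag value.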
From: softworkz X-Google-Original-From: softworkz Message-Id: <33b3d163dfcd61ae6f4ac258ae28fa0756436587.1652561722.git.ffmpegagent@gmail.com> In-Reply-To: References: Date: Sat, 14 May 2022 20:55:18 +0000 Fcc: Sent MIME-Version: 1.0 To: ffmpeg-devel@ffmpeg.org Subject: [FFmpeg-devel] [PATCH v4 06/10] libavformat/asfdec: fix macro definition and use X-BeenThere: ffmpeg-devel@ffmpeg.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: FFmpeg development discussions and patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: FFmpeg development discussions and patches Cc: Michael Niedermayer , softworkz Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" X-TUID: jHCYv694MpyK From: softworkz Signed-off-by: softworkz --- libavformat/asfdec_f.c | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/libavformat/asfdec_f.c b/libavformat/asfdec_f.c index 81a29f99d5..91c3874ac7 100644 --- a/libavformat/asfdec_f.c +++ b/libavformat/asfdec_f.c @@ -906,21 +906,21 @@ static int asf_read_header(AVFormatContext *s) } #define DO_2BITS(bits, var, defval) \ - switch (bits & 3) { \ + switch ((bits) & 3) { \ case 3: \ - var = avio_rl32(pb); \ + (var) = avio_rl32(pb); \ rsize += 4; \ break; \ case 2: \ - var = avio_rl16(pb); \ + (var) = avio_rl16(pb); \ rsize += 2; \ break; \ case 1: \ - var = avio_r8(pb); \ + (var) = avio_r8(pb); \ rsize++; \ break; \ default: \ - var = defval; \ + (var) = (defval); \ break; \ } 
@@ -1003,9 +1003,9 @@ static int asf_get_packet(AVFormatContext *s, AVIOContext *pb) asf->packet_flags = c; asf->packet_property = d; - DO_2BITS(asf->packet_flags >> 5, packet_length, s->packet_size); - DO_2BITS(asf->packet_flags >> 1, padsize, 0); // sequence ignored - DO_2BITS(asf->packet_flags >> 3, padsize, 0); // padding length + DO_2BITS(asf->packet_flags >> 5, packet_length, s->packet_size) + DO_2BITS(asf->packet_flags >> 1, padsize, 0) // sequence ignored + DO_2BITS(asf->packet_flags >> 3, padsize, 0) // padding length // the following checks prevent overflows and infinite loops if (!packet_length || packet_length >= (1U << 29)) { @@ -1066,9 +1066,9 @@ static int asf_read_frame_header(AVFormatContext *s, AVIOContext *pb) asf->stream_index = asf->asfid2avid[num & 0x7f]; asfst = &asf->streams[num & 0x7f]; // sequence should be ignored! - DO_2BITS(asf->packet_property >> 4, asf->packet_seq, 0); - DO_2BITS(asf->packet_property >> 2, asf->packet_frag_offset, 0); - DO_2BITS(asf->packet_property, asf->packet_replic_size, 0); + DO_2BITS(asf->packet_property >> 4, asf->packet_seq, 0) + DO_2BITS(asf->packet_property >> 2, asf->packet_frag_offset, 0) + DO_2BITS(asf->packet_property, asf->packet_replic_size, 0) av_log(asf, AV_LOG_TRACE, "key:%d stream:%d seq:%d offset:%d replic_size:%d num:%X packet_property %X\n", asf->packet_key_frame, asf->stream_index, asf->packet_seq, asf->packet_frag_offset, asf->packet_replic_size, num, asf->packet_property); 
@@ -1144,7 +1144,7 @@ static int asf_read_frame_header(AVFormatContext *s, AVIOContext *pb) return AVERROR_INVALIDDATA; } if (asf->packet_flags & 0x01) { - DO_2BITS(asf->packet_segsizetype >> 6, asf->packet_frag_size, 0); // 0 is illegal + DO_2BITS(asf->packet_segsizetype >> 6, asf->packet_frag_size, 0) // 0 is illegal if (rsize > asf->packet_size_left) { av_log(s, AV_LOG_ERROR, "packet_replic_size is invalid\n"); return AVERROR_INVALIDDATA; From patchwork Sat May 14 20:55:19 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Aman Karmani X-Patchwork-Id: 35774 Delivered-To: ffmpegpatchwork2@gmail.com Received: by 2002:a05:6a20:a885:b0:7f:4be2:bd17 with SMTP id ca5csp876770pzb; Sat, 14 May 2022 13:56:53 -0700 (PDT) X-Google-Smtp-Source: ABdhPJze9CIqV2ZV0BQz9Wd7m6sR75hlS37sRLYD8qjwfdbFEJF/JW7CE9Ja1sug/B4F3f6oPfNE X-Received: by 2002:a17:907:6090:b0:6fa:14ca:fba2 with SMTP id ht16-20020a170907609000b006fa14cafba2mr9604677ejc.564.1652561813730; Sat, 14 May 2022 13:56:53 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1652561813; cv=none; d=google.com; s=arc-20160816; b=DhGABDld7uCMqdqGZA2DFMNZCWgundJsOND/BLDfkUGQBAUcNzpTkc7sDxTAK/hF08 EG6fxixpF0p4UVRAPysTpLLZLzyTXE8/YymIc0dNfzr5QhjDw0XefGcfeng9nWqQv+6e hgaqYnSC+nH83y7P9QlUt2PtmdRNh2Y+Q0+cxQFE0dG0zzWvtQyorM5z7WE2nBdp/Ktj AQYuqy8qhTa+GtSedB75u98YxAvL45ID3N47gXiPGIZhMEJ78JBgNGKt2mv7NJP254pV Bcwo57iuXmAiCuP+AGThavVZPFQGu7OUADZhsOXKwMa1/VfG8FPSselzJVP4ChW3XR2e XDxg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:content-transfer-encoding:cc:reply-to :list-subscribe:list-help:list-post:list-archive:list-unsubscribe :list-id:precedence:subject:to:mime-version:fcc:date:references :in-reply-to:message-id:from:dkim-signature:delivered-to; bh=1rAGnlAJNvZgc/WNIg4ccAJX6dEXBH4ra8lpIAutGB4=; b=kbHksgxee1s/beZCtydWmi+7PDearvVM+NN3Mh0eRa2R6u589z3ENHRnbf+IpPGAog 
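Review bot: at the call sites in asf_get_packet and asf_read_frame_header the trailing semicolons are removed, so DO_2BITS(...) now reads as a statement without a terminator, which confuses indenters and is easy to break when someone later puts the semicolon back in front of an else. Wrapping the macro body in do { ... } while (0) in the first hunk would make it a single statement and let every call site keep its semicolon. The first hunk parenthesises bits, var and defval, but the body still relies on pb and rsize being in scope wherever the macro is used; a comment on the definition saying so would help.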
From: softworkz X-Google-Original-From: softworkz Message-Id: <1509b83f472346ed2bcadf4f6011f89701d8a9b2.1652561722.git.ffmpegagent@gmail.com> In-Reply-To: References: Date: Sat, 14 May 2022 20:55:19 +0000 Fcc: Sent MIME-Version: 1.0 To: ffmpeg-devel@ffmpeg.org Subject: [FFmpeg-devel] [PATCH v4 07/10] libavformat/asfdec: remove variable redefinition in inner scope X-BeenThere: ffmpeg-devel@ffmpeg.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: FFmpeg development discussions and patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: FFmpeg development discussions and patches Cc: Michael Niedermayer , softworkz Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" X-TUID: bEWMspBzZCJy From: softworkz Signed-off-by: softworkz --- libavformat/asfdec_f.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/libavformat/asfdec_f.c b/libavformat/asfdec_f.c index 91c3874ac7..fae15d9b05 100644 --- a/libavformat/asfdec_f.c +++ b/libavformat/asfdec_f.c @@ -1191,7 +1191,7 @@ static int asf_parse_packet(AVFormatContext *s, AVIOContext *pb, AVPacket *pkt) return AVERROR_EOF; if (asf->packet_size_left < FRAME_HEADER_SIZE || asf->packet_segments < 1 && asf->packet_time_start == 0) { - int ret = asf->packet_size_left + asf->packet_padsize; + ret = asf->packet_size_left + asf->packet_padsize; if (asf->packet_size_left && asf->packet_size_left < FRAME_HEADER_SIZE) av_log(s, AV_LOG_WARNING, "Skip due to FRAME_HEADER_SIZE\n"); 
@@ -1260,7 +1260,6 @@ static int asf_parse_packet(AVFormatContext *s, AVIOContext *pb, AVPacket *pkt) if (asf_st->pkt.size != asf_st->packet_obj_size || // FIXME is this condition sufficient? asf_st->frag_offset + asf->packet_frag_size > asf_st->pkt.size) { - int ret; if (asf_st->pkt.data) { av_log(s, AV_LOG_INFO, From patchwork Sat May 14 20:55:20 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Aman Karmani X-Patchwork-Id: 35775 Delivered-To: ffmpegpatchwork2@gmail.com Received: by 2002:a05:6a20:a885:b0:7f:4be2:bd17 with SMTP id ca5csp876788pzb; Sat, 14 May 2022 13:57:02 -0700 (PDT) X-Google-Smtp-Source: ABdhPJydXQHViOkBwREAhRVl0saqy9UZzu8xsUmhs3i06cC0o9oPBAZ1i63AUsY7sSg0hV6CpJVN X-Received: by 2002:a05:6402:1e8d:b0:426:9:6ec with SMTP id f13-20020a0564021e8d00b00426000906ecmr5472999edf.55.1652561821950; Sat, 14 May 2022 13:57:01 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1652561821; cv=none; d=google.com; s=arc-20160816; b=bStL9SMR5wg/6yutSo+QdEGNfipB/nikksJxDXm/ko/sS0Om5qGWvG5QUI5kFD1Vx0 NavtSXNR8pUk5DxOsmv61TCpyqib6IJ5MvILLp+CIYnJ6DoZBSYLyppLzJNqjmiXBrUm iphusM9kMvRjNcMLXu8R7yOx91astIGUJVlpvOpTliAE1/pH2Qcb8185bIUwvN/EywUg Fjou4WaHHnYJnDuQxtD1uWzAenbiilrrPB5ThShn8vPrsrYqZcRx34fBTNYKByk8N2kM avlY8mwmX3yk1QdOuE6rQPvaceeDpH+vNP5KE82X/wpDYfIU1or2jff7kRHNWxVE1s+z MdsA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:content-transfer-encoding:cc:reply-to :list-subscribe:list-help:list-post:list-archive:list-unsubscribe :list-id:precedence:subject:to:mime-version:fcc:date:references :in-reply-to:message-id:from:dkim-signature:delivered-to; bh=5LMsIBm0l59Xm17pSt2J8UMdKgtZqxco0tgR/InLps8=; b=xJYIQno5/Noz9+641R+Kr5Y1TZ8y0jyxf4EuxVRmjHw8u5OK/wZxCI5D5VbYyTihaQ 1Hql8LlBpXkUcTs2tOG2VlHiWWH9aUtnWJyGtonDvmZ5XE+Q63b1rhMwJ7FSBbyG18u2 uNLD7QLuO9T2t3vXwHKeaWmrSnRJuR/GDLFZfTDRUfg3E3X8Ede53gv0aMcrSoKew/t8 
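Review bot: both hunks drop a block-scoped int ret in asf_parse_packet, but neither shows the function-scope ret that the code now falls back to, and the commit message has no body. In the first hunk ret is assigned asf->packet_size_left + asf->packet_padsize, a byte count rather than a status code, so please state in the commit message that nothing after that block reads the outer ret expecting an error value, and name the warning this change addresses.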
From: softworkz X-Google-Original-From: softworkz Message-Id: In-Reply-To: References: Date: Sat, 14 May 2022 20:55:20 +0000 Fcc: Sent MIME-Version: 1.0 To: ffmpeg-devel@ffmpeg.org Subject: [FFmpeg-devel] [PATCH v4 08/10] libavformat/asfdec: ensure variables are initialized X-BeenThere: ffmpeg-devel@ffmpeg.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: FFmpeg development discussions and patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: FFmpeg development discussions and patches Cc: Michael Niedermayer , softworkz Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" X-TUID: DF3z/5kEcnLr From: softworkz Signed-off-by: softworkz --- libavformat/asfdec_f.c | 1 + 1 file changed, 1 insertion(+) diff --git a/libavformat/asfdec_f.c b/libavformat/asfdec_f.c index fae15d9b05..cb396cccfe 100644 --- a/libavformat/asfdec_f.c +++ b/libavformat/asfdec_f.c 
@@ -978,6 +978,7 @@ static int asf_get_packet(AVFormatContext *s, AVIOContext *pb) avio_seek(pb, -1, SEEK_CUR); // FIXME } } else { + d = e = 0; c = avio_r8(pb); if (c & 0x80) { rsize ++; From patchwork Sat May 14 20:55:21 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Aman Karmani X-Patchwork-Id: 35776 Delivered-To: ffmpegpatchwork2@gmail.com Received: by 2002:a05:6a20:a885:b0:7f:4be2:bd17 with SMTP id ca5csp876827pzb; Sat, 14 May 2022 13:57:10 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxKMtJ0RYIGwheXxwIcwHPCdH4NqsYkqP5zhAQOC8LNNi39ujvLARs9Qjb2RRqB5iwDD+PK X-Received: by 2002:a17:907:9722:b0:6f4:6989:9bc2 with SMTP id jg34-20020a170907972200b006f469899bc2mr9610845ejc.601.1652561830171; Sat, 14 May 2022 13:57:10 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1652561830; cv=none; d=google.com; s=arc-20160816; b=v/07BBHxG/B5L12hH1agc9rTwRAK6e0/fY+oFz1mh+XKiKTp3KpVBe/QFQgzVZmUgq L2Ues8HFJQC7NUEEBnSLZxB5Ax+e0/N0EsRhfMlhzCGfQNFfprTjCPkKYUxBCBY2d7Kx ZAIsCVC79DOwxk91yyrfQv8aDdC6T83KvIAPs72HDggGzsEqhyNnGgI4LYE1NSMoGYC9 2nkO9X/1/fsd9ayhmfTg28hxOvqFHxykZszfDrLCz3LKQRQIztHKy/6tu1Y37IaJXC6E MqvMkeEmyD4BDdnqSpmXsRnOX8qlU4qeluDe4OL0UZTTCmrXzGGOm4/Dpm7pFo3t1sfk oyEg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:content-transfer-encoding:cc:reply-to :list-subscribe:list-help:list-post:list-archive:list-unsubscribe :list-id:precedence:subject:to:mime-version:fcc:date:references :in-reply-to:message-id:from:dkim-signature:delivered-to; bh=0vnUjW6kXyuDCGQwIvFccrkRmaSWI5Rgg9YQ3B91PAk=; b=OSaoHeMD4ME/deDSHJdOXxdWrVA7xYKtZ+40fWY+Eo6AU6wnXSNc/RJjm7Nf7FeT7t E0wRlSl1tI5skuZI9rxFA7rs/WCujIFOzpVsWkoRc2hbJ1+DEmayXe+yGoybHk+yBbJC JA7MlEnzPZM4rtb9XmxW0DOVpZfJ8XdfWJ09TCE3qeux85NOAmC1ROnsbE65Epb6sH6E yQm9x+AyVkX4Y6GADftddjpkR9pTzti68ty6kv9xzpUNfp6vNXV1vdztUP1xRPvl3Oir OsmSGM/k8dnlbaOFEhhLJY1SNSCxVCuQfvezhVKMfQyC/JbrpEoj5IqcASXXz4UApjr2 8WkA== 
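Review bot: d = e = 0 is set only at the top of the else branch, and the commit message does not say which path read d or e before they were written. Since d is later stored as asf->packet_property (visible in the asf_get_packet context of patch 06), it is worth naming the input that reaches that read in the commit message. Initialising both variables at their declaration would cover the other branch as well, instead of relying on it to assign them.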
From: softworkz
Date: Sat, 14 May 2022 20:55:21 +0000
To: ffmpeg-devel@ffmpeg.org
Subject: [FFmpeg-devel] [PATCH v4 09/10] libavformat/asfdec: fix parameter type in asf_read_stream_propertie()
Cc: Michael Niedermayer, softworkz

From: softworkz

Signed-off-by: softworkz
--- libavformat/asfdec_f.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavformat/asfdec_f.c b/libavformat/asfdec_f.c index cb396cccfe..95cab8b960 100644 --- a/libavformat/asfdec_f.c +++ b/libavformat/asfdec_f.c 
@@ -324,7 +324,7 @@ static int asf_read_file_properties(AVFormatContext *s) return 0; } -static int asf_read_stream_properties(AVFormatContext *s, int64_t size) +static int asf_read_stream_properties(AVFormatContext *s, uint64_t size) { ASFContext *asf = s->priv_data; AVIOContext *pb = s->pb;
From patchwork Sat May 14 20:55:22 2022
X-Patchwork-Submitter: Aman Karmani
X-Patchwork-Id: 35772
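Review bot: with `size` changed to `uint64_t` in patch 09/10, the existing test `size - (avio_tell(pb) - pos1 + 24) >= 51` in asf_read_stream_properties() (visible as context in patch 10/10) becomes an unsigned subtraction. When the bytes already consumed exceed `size`, the result no longer goes negative and fails the test; it wraps to a very large value and passes it. Please rewrite the condition so it cannot wrap, for example by first checking that the consumed length is not larger than `size` and then comparing the remainder against 51, and state in the commit message why the signed type was wrong.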
From: softworkz
Message-Id: <78ed5aeb38c5a6d4d9c96de3c9e99c198f191a21.1652561722.git.ffmpegagent@gmail.com>
Date: Sat, 14 May 2022 20:55:22 +0000
To: ffmpeg-devel@ffmpeg.org
Subject: [FFmpeg-devel] [PATCH v4 10/10] libavformat/asfdec: fix variable types and add checks for unsupported values
Cc: Michael Niedermayer, softworkz

From: softworkz

Signed-off-by: softworkz
--- libavformat/asfdec_f.c | 168 ++++++++++++++++++++++++++--------------- 1 file changed, 108 insertions(+), 60 deletions(-) diff --git a/libavformat/asfdec_f.c b/libavformat/asfdec_f.c index 95cab8b960..d50682b901 100644 --- a/libavformat/asfdec_f.c +++ b/libavformat/asfdec_f.c @@ -333,9 +333,9 @@ static int asf_read_stream_properties(AVFormatContext *s, uint64_t size) ASFStream *asf_st; ff_asf_guid g; enum AVMediaType type; - int type_specific_size, sizeX; - unsigned int tag1; - int64_t pos1, pos2, start_time; + unsigned int tag1, type_specific_size, sizeX; + int64_t pos1, pos2; + uint32_t start_time; int test_for_ext_stream_audio, is_dvr_ms_audio = 0; if (s->nb_streams == ASF_MAX_STREAMS) { 
@@ -404,7 +404,14 @@ static int asf_read_stream_properties(AVFormatContext *s, uint64_t size) st->codecpar->codec_type = type; if (type == AVMEDIA_TYPE_AUDIO) { - int ret = ff_get_wav_header(s, pb, st->codecpar, type_specific_size, 0); + int ret; + + if (type_specific_size > INT32_MAX) { + av_log(s, AV_LOG_DEBUG, "Unsupported WAV header size (> INT32_MAX)\n"); + return AVERROR(ENOTSUP); + } + + ret = ff_get_wav_header(s, pb, st->codecpar, (int)type_specific_size, 0); if (ret < 0) return ret; if (is_dvr_ms_audio) { @@ -434,21 +441,32 @@ static int asf_read_stream_properties(AVFormatContext *s, uint64_t size) } } else if (type == AVMEDIA_TYPE_VIDEO && size - (avio_tell(pb) - pos1 + 24) >= 51) { + unsigned int width, height; avio_rl32(pb); avio_rl32(pb); avio_r8(pb); avio_rl16(pb); /* size */ - sizeX = avio_rl32(pb); /* size */ - st->codecpar->width = avio_rl32(pb); - st->codecpar->height = avio_rl32(pb); + sizeX = avio_rl32(pb); /* size */ + width = avio_rl32(pb); + height = avio_rl32(pb); + + if (width > INT32_MAX || height > INT32_MAX) { + av_log(s, AV_LOG_DEBUG, "Unsupported video size %dx%d\n", width, height); + return AVERROR(ENOTSUP); + } + + st->codecpar->width = (int)width; + st->codecpar->height = (int)height; /* not available for asf */ avio_rl16(pb); /* panes */ st->codecpar->bits_per_coded_sample = avio_rl16(pb); /* depth */ tag1 = avio_rl32(pb); avio_skip(pb, 20); if (sizeX > 40) { - if (size < sizeX - 40 || sizeX - 40 > INT_MAX - AV_INPUT_BUFFER_PADDING_SIZE) - return AVERROR_INVALIDDATA; + if (size < sizeX - 40 || sizeX - 40 > INT_MAX - AV_INPUT_BUFFER_PADDING_SIZE) { + av_log(s, AV_LOG_DEBUG, "Unsupported extradata size\n"); + return AVERROR(ENOTSUP); + } st->codecpar->extradata_size = ffio_limit(pb, sizeX - 40); st->codecpar->extradata = av_mallocz(st->codecpar->extradata_size + AV_INPUT_BUFFER_PADDING_SIZE); 
@@ -500,9 +518,9 @@ static int asf_read_ext_stream_properties(AVFormatContext *s) ASFContext *asf = s->priv_data; AVIOContext *pb = s->pb; ff_asf_guid g; - int ext_len, payload_ext_ct, stream_ct, i; - uint32_t leak_rate, stream_num; - unsigned int stream_languageid_index; + uint16_t payload_ext_ct, stream_ct, i; + uint32_t leak_rate, ext_len; + uint16_t stream_languageid_index, stream_num; avio_rl64(pb); // starttime avio_rl64(pb); // endtime @@ -514,15 +532,15 @@ static int asf_read_ext_stream_properties(AVFormatContext *s) avio_rl32(pb); // alt-init-bucket-fullness avio_rl32(pb); // max-object-size avio_rl32(pb); // flags (reliable,seekable,no_cleanpoints?,resend-live-cleanpoints, rest of bits reserved) - stream_num = avio_rl16(pb); // stream-num + stream_num = (uint16_t)avio_rl16(pb); // stream-num - stream_languageid_index = avio_rl16(pb); // stream-language-id-index + stream_languageid_index = (uint16_t)avio_rl16(pb); // stream-language-id-index if (stream_num < 128) asf->streams[stream_num].stream_language_index = stream_languageid_index; avio_rl64(pb); // avg frametime in 100ns units - stream_ct = avio_rl16(pb); // stream-name-count - payload_ext_ct = avio_rl16(pb); // payload-extension-system-count + stream_ct = (uint16_t)avio_rl16(pb); // stream-name-count + payload_ext_ct = (uint16_t)avio_rl16(pb); // payload-extension-system-count if (stream_num < 128) { asf->stream_bitrates[stream_num] = leak_rate; @@ -536,12 +554,10 @@ static int asf_read_ext_stream_properties(AVFormatContext *s) } for (i = 0; i < payload_ext_ct; i++) { - int size; + uint16_t size; ff_get_guid(pb, &g); - size = avio_rl16(pb); + size = (uint16_t)avio_rl16(pb); ext_len = avio_rl32(pb); - if (ext_len < 0) - return AVERROR_INVALIDDATA; avio_skip(pb, ext_len); if (stream_num < 128 && i < FF_ARRAY_ELEMS(asf->streams[stream_num].payload)) { ASFPayload *p = &asf->streams[stream_num].payload[i]; 
@@ -580,20 +596,21 @@ static int asf_read_ext_content_desc(AVFormatContext *s) ASFContext *asf = s->priv_data; uint64_t dar_num = 0; uint64_t dar_den = 0; - int desc_count, i, ret; + uint16_t desc_count, i; + int ret; - desc_count = avio_rl16(pb); + desc_count = (uint16_t)avio_rl16(pb); for (i = 0; i < desc_count; i++) { - int name_len, value_type, value_len; + uint16_t name_len, value_type, value_len; char name[1024]; - name_len = avio_rl16(pb); + name_len = (uint16_t)avio_rl16(pb); if (name_len % 2) // must be even, broken lavf versions wrote len-1 name_len += 1; if ((ret = avio_get_str16le(pb, name_len, name, sizeof(name))) < name_len) avio_skip(pb, name_len - ret); - value_type = avio_rl16(pb); - value_len = avio_rl16(pb); + value_type = (uint16_t)avio_rl16(pb); + value_len = (uint16_t)avio_rl16(pb); if (!value_type && value_len % 2) value_len += 1; /* My sample has that stream set to 0 maybe that mean the container. @@ -627,14 +644,16 @@ static int asf_read_language_list(AVFormatContext *s) { AVIOContext *pb = s->pb; ASFContext *asf = s->priv_data; - int j, ret; - int stream_count = avio_rl16(pb); + int ret; + uint16_t j; + const uint16_t stream_count = (uint16_t)avio_rl16(pb); + for (j = 0; j < stream_count; j++) { char lang[6]; - unsigned int lang_len = avio_r8(pb); + const uint8_t lang_len = (uint8_t)avio_r8(pb); if ((ret = avio_get_str16le(pb, lang_len, lang, sizeof(lang))) < lang_len) - avio_skip(pb, lang_len - ret); + avio_skip(pb, (int)lang_len - ret); if (j < 128) av_strlcpy(asf->stream_languages[j], lang, sizeof(*asf->stream_languages)); 
@@ -649,14 +668,14 @@ static int asf_read_metadata(AVFormatContext *s) ASFContext *asf = s->priv_data; uint64_t dar_num[128] = {0}; uint64_t dar_den[128] = {0}; - int n, name_len_utf8; - uint16_t stream_num, name_len_utf16, value_type; + int name_len_utf8; + uint16_t stream_num, name_len_utf16, value_type, i, n; uint32_t value_len; - int ret, i; - n = avio_rl16(pb); + int ret; + n = (uint16_t)avio_rl16(pb); for (i = 0; i < n; i++) { - uint8_t *name; + char *name; avio_rl16(pb); // lang_list_index stream_num = (uint16_t)avio_rl16(pb); @@ -670,7 +689,7 @@ static int asf_read_metadata(AVFormatContext *s) return AVERROR(ENOMEM); if ((ret = avio_get_str16le(pb, name_len_utf16, name, name_len_utf8)) < name_len_utf16) - avio_skip(pb, name_len_utf16 - ret); + avio_skip(pb, (int)name_len_utf16 - ret); av_log(s, AV_LOG_TRACE, "%d stream %d name_len %2d type %d len %4d <%s>\n", i, stream_num, name_len_utf16, value_type, value_len, name); @@ -707,19 +726,21 @@ static int asf_read_marker(AVFormatContext *s) { AVIOContext *pb = s->pb; ASFContext *asf = s->priv_data; - int i, count, name_len, ret; + int ret; + unsigned count, i; + uint16_t name_len; char name[1024]; avio_rl64(pb); // reserved 16 bytes avio_rl64(pb); // ... count = avio_rl32(pb); // markers count avio_rl16(pb); // reserved 2 bytes - name_len = avio_rl16(pb); // name length + name_len = (uint16_t)avio_rl16(pb); // name length avio_skip(pb, name_len); for (i = 0; i < count; i++) { - int64_t pres_time; - int name_len; + uint64_t pres_time; + unsigned name2_len; if (avio_feof(pb)) return AVERROR_INVALIDDATA; 
@@ -730,13 +751,18 @@ static int asf_read_marker(AVFormatContext *s) avio_rl16(pb); // entry length avio_rl32(pb); // send time avio_rl32(pb); // flags - name_len = avio_rl32(pb); // name length - if ((unsigned)name_len > INT_MAX / 2) + name2_len = avio_rl32(pb); // name length + if (name2_len > INT_MAX / 2) return AVERROR_INVALIDDATA; - if ((ret = avio_get_str16le(pb, name_len * 2, name, - sizeof(name))) < name_len) - avio_skip(pb, name_len - ret); - avpriv_new_chapter(s, i, (AVRational) { 1, 10000000 }, pres_time, + if ((ret = avio_get_str16le(pb, (int)name2_len, name, + sizeof(name))) < name2_len) + avio_skip(pb, name2_len - ret); + + if (pres_time > INT64_MAX) { + av_log(s, AV_LOG_DEBUG, "Unsupported presentation time value: %"PRIu64"\n", pres_time); + return AVERROR(ENOTSUP); + } + avpriv_new_chapter(s, i, (AVRational) { 1, 10000000 }, (int64_t)pres_time, AV_NOPTS_VALUE, name); } @@ -749,7 +775,7 @@ static int asf_read_header(AVFormatContext *s) ff_asf_guid g; AVIOContext *pb = s->pb; int i; - int64_t gsize; + uint64_t gsize; ff_get_guid(pb, &g); if (ff_guidcmp(&g, &ff_asf_header)) @@ -764,7 +790,7 @@ static int asf_read_header(AVFormatContext *s) asf->streams[i].stream_language_index = 128; // invalid stream index means no language info for (;;) { - uint64_t gpos = avio_tell(pb); + const int64_t gpos = avio_tell(pb); int ret = 0; ff_get_guid(pb, &g); gsize = avio_rl64(pb); @@ -819,7 +845,12 @@ static int asf_read_header(AVFormatContext *s) len= avio_rl32(pb); av_log(s, AV_LOG_DEBUG, "Secret data:\n"); - if ((ret = av_get_packet(pb, pkt, len)) < 0) + if (len > INT32_MAX) { + av_log(s, AV_LOG_DEBUG, "Unsupported encryption packet length: %d\n", len); + return AVERROR(ENOTSUP); + } + + if ((ret = av_get_packet(pb, pkt, (int)len)) < 0) return ret; av_hex_dump_log(s, AV_LOG_DEBUG, pkt->data, pkt->size); av_packet_unref(pkt); 
@@ -933,7 +964,7 @@ static int asf_read_header(AVFormatContext *s) static int asf_get_packet(AVFormatContext *s, AVIOContext *pb) { ASFContext *asf = s->priv_data; - uint32_t packet_length, padsize; + uint32_t packet_length, packet_ts, padsize; int rsize = 8; int c, d, e, off; @@ -1021,7 +1052,12 @@ static int asf_get_packet(AVFormatContext *s, AVIOContext *pb) return AVERROR_INVALIDDATA; } - asf->packet_timestamp = avio_rl32(pb); + packet_ts = avio_rl32(pb); + if (packet_ts > INT32_MAX) { + av_log(s, AV_LOG_DEBUG, "Unsupported packet_timestamp value: %d\n", packet_ts); + return AVERROR(ENOTSUP); + } + asf->packet_timestamp = (int)packet_ts; avio_rl16(pb); /* duration */ // rsize has at least 11 bytes which have to be present @@ -1040,10 +1076,21 @@ static int asf_get_packet(AVFormatContext *s, AVIOContext *pb) rsize, packet_length, padsize, avio_tell(pb)); return AVERROR_INVALIDDATA; } - asf->packet_size_left = packet_length - padsize - rsize; + + if (packet_length - padsize - rsize > INT32_MAX) { + av_log(s, AV_LOG_DEBUG, "Unsupported packet_size_left value: %d\n", packet_length - padsize - rsize); + return AVERROR(ENOTSUP); + } + asf->packet_size_left = (int)(packet_length - padsize - rsize); + if (packet_length < asf->hdr.min_pktsize) padsize += asf->hdr.min_pktsize - packet_length; - asf->packet_padsize = padsize; + if (padsize > INT32_MAX) { + av_log(s, AV_LOG_DEBUG, "Unsupported packet padsize value: %d\n", padsize); + return AVERROR(ENOTSUP); + } + + asf->packet_padsize = (int)padsize; av_log(s, AV_LOG_TRACE, "packet: size=%d padsize=%d left=%d\n", s->packet_size, asf->packet_padsize, asf->packet_size_left); return 0; 
@@ -1078,22 +1125,23 @@ static int asf_read_frame_header(AVFormatContext *s, AVIOContext *pb) return AVERROR_INVALIDDATA; } if (asf->packet_replic_size >= 8) { - int64_t end = avio_tell(pb) + asf->packet_replic_size; + const int64_t end = avio_tell(pb) + asf->packet_replic_size; AVRational aspect; - asfst->packet_obj_size = avio_rl32(pb); - if (asfst->packet_obj_size >= (1 << 24) || asfst->packet_obj_size < 0) { + const unsigned packet_obj_size = avio_rl32(pb); + if (packet_obj_size >= (1 << 24)) { av_log(s, AV_LOG_ERROR, "packet_obj_size %d invalid\n", asfst->packet_obj_size); asfst->packet_obj_size = 0; return AVERROR_INVALIDDATA; } + asfst->packet_obj_size = (int)packet_obj_size; asf->packet_frag_timestamp = avio_rl32(pb); // timestamp for (i = 0; i < asfst->payload_ext_ct; i++) { ASFPayload *p = &asfst->payload[i]; - int size = p->size; + uint16_t size = p->size; int64_t payend; if (size == 0xFFFF) - size = avio_rl16(pb); + size = (uint16_t)avio_rl16(pb); payend = avio_tell(pb) + size; if (payend > end) { av_log(s, AV_LOG_ERROR, "too long payload\n"); @@ -1494,7 +1542,7 @@ static int64_t asf_read_pts(AVFormatContext *s, int stream_index, ASFStream *asf_st; int64_t pts; int64_t pos = *ppos; - int i; + unsigned i; int64_t start_pos[ASF_MAX_STREAMS]; for (i = 0; i < s->nb_streams; i++) @@ -1551,7 +1599,7 @@ static int asf_build_simple_index(AVFormatContext *s, int stream_index) int64_t ret; if((ret = avio_seek(s->pb, asf->data_object_offset + asf->data_object_size, SEEK_SET)) < 0) { - return ret; + return (int)ret; } if ((ret = ff_get_guid(s->pb, &g)) < 0)
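Review bot: in the video branch of asf_read_stream_properties() (hunk @@ -434,21 +441,32 @@) the new message "Unsupported video size %dx%d" prints `unsigned int` values with `%d`, and it only fires when a value is above INT32_MAX, so on common ABIs it always shows a negative number; use `%u`. The same hunk changes the extradata failure from `AVERROR_INVALIDDATA` to `AVERROR(ENOTSUP)`, but `size < sizeX - 40` describes a malformed object rather than an unsupported one. Keep `AVERROR_INVALIDDATA` for that half of the condition, or split the two tests.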
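Review bot: in asf_read_ext_stream_properties() (hunk @@ -536,12 +554,10 @@) the `if (ext_len < 0) return AVERROR_INVALIDDATA;` check is removed without a replacement. With `ext_len` now `uint32_t`, values with the top bit set, which used to be rejected, reach `avio_skip(pb, ext_len)` and skip forward by up to 4 GiB. The rest of this patch adds `> INT32_MAX` checks for comparable fields; add one here as well, for example `if (ext_len > INT32_MAX) return AVERROR_INVALIDDATA;`, or explain in the commit message why large values are now acceptable.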
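Review bot: in asf_read_marker() (hunk @@ -730,13 +751,18 @@) the length passed to avio_get_str16le() changes from `name_len * 2` to `(int)name2_len`, which halves the number of bytes read per marker name, while the guard `name2_len > INT_MAX / 2` that protected the multiplication is kept. This is a behaviour change hidden in a type cleanup: either restore the `* 2` or describe the fix in the commit message and adjust the guard. Note also that `ret < name2_len` now compares an `int` with an `unsigned`, so a negative `ret` converts to a large value and the `avio_skip()` is not taken.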
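Review bot: in asf_get_packet() (hunk @@ -1021,7 +1052,12 @@) a `packet_ts` above INT32_MAX used to be stored in `asf->packet_timestamp` and now fails the whole packet with `AVERROR(ENOTSUP)`, reported only at `AV_LOG_DEBUG`. If rejecting such packets is intended, say so in the commit message and log at a level users will see; otherwise consider widening the field instead of refusing the input. The message also prints the `uint32_t` with `%d`; use `%u` or `PRIu32`.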
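Review bot: in asf_read_frame_header() (hunk @@ -1078,22 +1125,23 @@) the unchanged error line `av_log(s, AV_LOG_ERROR, "packet_obj_size %d invalid\n", asfst->packet_obj_size);` still prints `asfst->packet_obj_size`, but that field is no longer assigned before the check, so the log shows the previous packet's value rather than the one being rejected. Print the new local instead, `packet_obj_size`, with `%u`.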