From patchwork Sat May 21 05:21:31 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Aman Karmani X-Patchwork-Id: 35860 Delivered-To: ffmpegpatchwork2@gmail.com Received: by 2002:a05:6a21:9992:b0:82:461d:f3b with SMTP id ve18csp919760pzb; Fri, 20 May 2022 22:22:03 -0700 (PDT) X-Google-Smtp-Source: ABdhPJzBzU3gEzYaeHIbmOVxHRcQ6Js/LuF4ffhp00BuOuwQ9Zh0jXQXMyVOz5qBN7thX6+pbbNn X-Received: by 2002:a17:907:7da7:b0:6f4:f92b:3986 with SMTP id oz39-20020a1709077da700b006f4f92b3986mr11319908ejc.50.1653110523382; Fri, 20 May 2022 22:22:03 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1653110523; cv=none; d=google.com; s=arc-20160816; b=EeGlxwKfBOpBuUGpF6PQ0kBlSeC1MZkcLFpj7a1diyHEnTyUNQyxeErOPhOw3otV5Q mvrLJnFT1gV4CIAf3a/ZOMptWGPibhfMO1Jq4KQMMaaXroFuyPknnPy0CAVkzWhNDx3e GiJQKUYZANCpo1tV+Jh0NvXKH6yJUcPCflF+RNE3aw6dJB8k70TBHj37JhuW6yHM46rp BhvIYVIv/E7QaTu60i0TyeB7NpWaV/+SjFtkP5NHK5SpLx2K/h02jAUXfXdyF7WjiuQA MThVsMVM66vUZ5EKSsv2cVi14RVRgIXeckJk0BI3y877NZEsuSvVNKm4+7PdL7saARFt DzTA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:content-transfer-encoding:cc:reply-to :list-subscribe:list-help:list-post:list-archive:list-unsubscribe :list-id:precedence:subject:to:mime-version:fcc:date:references :in-reply-to:message-id:from:dkim-signature:delivered-to; bh=dhmMOaaSHCq3yozQzYCP2Kk3X9sy5Rgu/Ld4by622F8=; b=FEeRibY36QVPPeN04odg5tdZuj7xzZimEd1PahnEayN3CbZHhugpvnl8Po5BBQTfhR OWi/vt6WMd/nUnqOS7gaNZzGT+vKqzb3ZOPhmBTamtDtm8T+j7PWaon6Bwj9IzvggUCW hwp8jKjuGOalHbec2C30RJn8+URoG4zU2sEnXuY1g+e8T8NtADAUDgXv2+oyQ+5p7O3l coJqzY4e0YLNiGZO+FirQ72Lh9zRCMjKB9AFN/O7oSbukPGgTQDwTNtVIMR2IN1nYoWc nHQbNHqKQ1wno6aAJLvyl51htroGocdnbNWQtClaOMMe3b9x3tA1G0u9OcggyckdFvz6 mG+g== ARC-Authentication-Results: i=1; mx.google.com; dkim=neutral (body hash did not verify) header.i=@gmail.com header.s=20210112 header.b=Dn5xLYnn; spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org; dmarc=fail (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org. [79.124.17.100]) by mx.google.com with ESMTP id dn24-20020a05640222f800b0042ae30a77f2si9079251edb.398.2022.05.20.22.22.03; Fri, 20 May 2022 22:22:03 -0700 (PDT) Received-SPF: pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) client-ip=79.124.17.100; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@gmail.com header.s=20210112 header.b=Dn5xLYnn; spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org; dmarc=fail (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: from [127.0.1.1] (localhost [127.0.0.1]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id 38D4368B4BC; Sat, 21 May 2022 08:21:51 +0300 (EEST) X-Original-To: ffmpeg-devel@ffmpeg.org Delivered-To: ffmpeg-devel@ffmpeg.org Received: from mail-pl1-f180.google.com (mail-pl1-f180.google.com [209.85.214.180]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id 6773868B379 for ; Sat, 21 May 2022 08:21:44 +0300 (EEST) Received: by mail-pl1-f180.google.com with SMTP id m12so8893401plb.4 for ; Fri, 20 May 2022 22:21:44 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=from:message-id:in-reply-to:references:date:subject:fcc :content-transfer-encoding:mime-version:to:cc; bh=Xarnv5vIwXMy5lH5rxP7K+aIHzBAnNq8DgFofdT+WwQ=; b=Dn5xLYnnw2AHcJC1iLc3LhlZ0wMSlUVLkMCp+DaTmpfqasATrKCTMqk59alYWB9Rdk wuID7P2yZRT2NHCEDlfhTrbxM8g/0YTnIPjaWokuHS5QejDVBwa2LXRo6rUFQK08vUtS 2zp/U+YUjnrKoW7gwD91+9ssrf6pw56xYyItrHe+KBgrLhlFmzTSGESW7OdxVVvGdC1f d8ps/rQBjd3tXCy421XuJ/Ehb4LbLOkRSpp7OU6+irlx7Ch1y4uzZLG00UpCdE0CWdT7 xRG9uGLwEgqiSOpimavN+wcF/5UgteH71n1yeUizGUEuwAzxwXbN2jBJUuqGNM+Ohrcf QEFA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:message-id:in-reply-to:references:date :subject:fcc:content-transfer-encoding:mime-version:to:cc; bh=Xarnv5vIwXMy5lH5rxP7K+aIHzBAnNq8DgFofdT+WwQ=; b=oj7RcEG/vgP3XnDyKGgMNmpWG3RGC6zLuUl1Mdl1H1gcKLOGuUHlmZnj1YnGtMbfSy MFLkdVzqZOlBOuegTxfB27IC7Yf3MqCELY/NzfCRA58VJuZOvMwvgc9LCiySXBUy/82W mGD0S+DTomP4RUTlcgCg/grn4ZhFdfNEaUY0DYeIsY4lLfqSJv7EUVodMixCQkhbR05J ZjCrt8n8NufWrJmeGtgnSNV0BxZ17ckr2Qo+RZPGpsZrz9y6y6aXds/kJzq/eHnnPZtH eR0TLFlHiiLCmbSRRoKLOEe3PbXHIqMR+lbiappkR7vJpFkM1LG/rFFBbO2wXKSNMnFE /+JQ== X-Gm-Message-State: AOAM532x0QL4PxaLEFQN6db5urCOtmSPz5Nqf+9lcEgbGBAFbPxKsdiP C4YZECyJQsSLGTj2QYu2te7/WuggYBRk6A== X-Received: by 2002:a17:902:e948:b0:15e:cd79:2a1a with SMTP id b8-20020a170902e94800b0015ecd792a1amr12634962pll.109.1653110502467; Fri, 20 May 2022 22:21:42 -0700 (PDT) Received: from [127.0.0.1] (master.gitmailbox.com. [34.83.118.50]) by smtp.gmail.com with ESMTPSA id x26-20020aa7941a000000b0050dc76281f0sm2685668pfo.202.2022.05.20.22.21.41 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Fri, 20 May 2022 22:21:42 -0700 (PDT) From: softworkz X-Google-Original-From: softworkz Message-Id: <7505ffa3c5de269cd850dd577b0ffdb6f79dd36f.1653110500.git.ffmpegagent@gmail.com> In-Reply-To: References: Date: Sat, 21 May 2022 05:21:31 +0000 Fcc: Sent MIME-Version: 1.0 To: ffmpeg-devel@ffmpeg.org Subject: [FFmpeg-devel] [PATCH v5 01/10] libavformat/asf: fix handling of byte array length values X-BeenThere: ffmpeg-devel@ffmpeg.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: FFmpeg development discussions and patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: FFmpeg development discussions and patches Cc: Michael Niedermayer , softworkz , Andreas Rheinhardt Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" X-TUID: 4v3q5Kk+8hMG From: softworkz The spec allows attachment sizes of up to UINT32_MAX while we can handle only sizes up to INT32_MAX (in downstream code) The debug.assert in get_tag didn't really address this, and truncating the value_len in calling methods cannot be used because the length value is required in order to continue parsing. This adds a check with log message in ff_asf_handle_byte_array to handle those (rare) cases. Signed-off-by: softworkz --- libavformat/asf.c | 8 +++++++- libavformat/asf.h | 2 +- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/libavformat/asf.c b/libavformat/asf.c index 1285062220..bec7db0c7e 100644 --- a/libavformat/asf.c +++ b/libavformat/asf.c @@ -139,12 +139,18 @@ static int get_id3_tag(AVFormatContext *s, int len) } int ff_asf_handle_byte_array(AVFormatContext *s, const char *name, - int val_len) + uint32_t val_len) { + if (val_len > INT32_MAX) { + av_log(s, AV_LOG_VERBOSE, "Unable to handle byte arrays > INT32_MAX in tag %s.\n", name); + return 1; + } + if (!strcmp(name, "WM/Picture")) // handle cover art return asf_read_picture(s, val_len); else if (!strcmp(name, "ID3")) // handle ID3 tag return get_id3_tag(s, val_len); + av_log(s, AV_LOG_DEBUG, "Unsupported byte array in tag %s.\n", name); return 1; } diff --git a/libavformat/asf.h b/libavformat/asf.h index 01cc4f7a46..4d28560f56 100644 --- a/libavformat/asf.h +++ b/libavformat/asf.h @@ -111,7 +111,7 @@ extern const AVMetadataConv ff_asf_metadata_conv[]; * is unsupported by this function and 0 otherwise. */ int ff_asf_handle_byte_array(AVFormatContext *s, const char *name, - int val_len); + uint32_t val_len); #define ASF_PACKET_FLAG_ERROR_CORRECTION_PRESENT 0x80 //1000 0000 From patchwork Sat May 21 05:21:32 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Aman Karmani X-Patchwork-Id: 35861 Delivered-To: ffmpegpatchwork2@gmail.com Received: by 2002:a05:6a21:9992:b0:82:461d:f3b with SMTP id ve18csp919795pzb; Fri, 20 May 2022 22:22:12 -0700 (PDT) X-Google-Smtp-Source: ABdhPJx7lLOyBBUNEgfHuaYAf7urRg/4huqgdITFcjcQ44p+KZloQPWKfcL6OIRmRwQTAB/Gf5T0 X-Received: by 2002:a50:ed13:0:b0:42a:abfc:8455 with SMTP id j19-20020a50ed13000000b0042aabfc8455mr14208602eds.200.1653110532546; Fri, 20 May 2022 22:22:12 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1653110532; cv=none; d=google.com; s=arc-20160816; b=xDF5zIjS1HlP01dHbdqh9/lLMNxfMX2D2kHHVqkYVg4F2K4WTcrGuD1QzJCqmNe5xY 8ve9ZicZiIDswXEkYV3UbJjEnsIv14pjMZz25FKK/pW5tt+G5oNH1BBvHWt3pa7VR82D 9Sppy40hPevn3kRxQKGCVYe3g8+N+T4Sq5RJXd9woae8iX632w0TTdmxFJGipN5AqpSl RalOtPtFEFPhfjFOvUDKAXwhvXW/X45E1axqe24GY449xfJReoaBkMmBzY3WcoR5HeIg zQcG2pz9YDvXdzNpx2M/aY9lFp5wUgNsvWQdKRUDSLcFT3sXg7VOMQbKDhpyxXkwP0MX sXcA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:content-transfer-encoding:cc:reply-to :list-subscribe:list-help:list-post:list-archive:list-unsubscribe :list-id:precedence:subject:to:mime-version:fcc:date:references :in-reply-to:message-id:from:dkim-signature:delivered-to; bh=FbmSkekbRU+glvbDuDDew4IRVICf+5nKzfH20HB12ZI=; b=ePkVgIUMOS2j6MQBQFTuzDJwL5loMkgoaKQnNl1bRB4c6t7CBkLS9hbEeMb92szljq fxZhdnDZbrL9T3GK7la+W31JDCRSz3LxgCBgGNbVb0ejlmdksYtG9BT7lF4L1nZ+x6I6 PB8VLEdQE4b7PMhe4f+BJzz1cAmk1bofV4C04uyiPx2EKD//W/wJPnLCHWAVRZB4y33Q Fd7tCjt0i59iBEz7c/uGZaIs+E69szFROrt7s47yPWmBnn2APFyBvfvockgCQ1FzZD7q ijTkV/aQnnHUD45HhyyKyUN3SHxK4QaW0DovKuhIUL+egCPDV1SFWcxyzpwaqpCpASCq 99bw== ARC-Authentication-Results: i=1; mx.google.com; dkim=neutral (body hash did not verify) header.i=@gmail.com header.s=20210112 header.b=cqeQk3na; spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org; dmarc=fail (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org. [79.124.17.100]) by mx.google.com with ESMTP id jz23-20020a17090775f700b006df76385b8csi546544ejc.44.2022.05.20.22.22.11; Fri, 20 May 2022 22:22:12 -0700 (PDT) Received-SPF: pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) client-ip=79.124.17.100; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@gmail.com header.s=20210112 header.b=cqeQk3na; spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org; dmarc=fail (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: from [127.0.1.1] (localhost [127.0.0.1]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id 2EF9D68AAC1; Sat, 21 May 2022 08:21:52 +0300 (EEST) X-Original-To: ffmpeg-devel@ffmpeg.org Delivered-To: ffmpeg-devel@ffmpeg.org Received: from mail-pj1-f48.google.com (mail-pj1-f48.google.com [209.85.216.48]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id 4993768AAC1 for ; Sat, 21 May 2022 08:21:45 +0300 (EEST) Received: by mail-pj1-f48.google.com with SMTP id v5-20020a17090a7c0500b001df84fa82f8so9349756pjf.5 for ; Fri, 20 May 2022 22:21:45 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=from:message-id:in-reply-to:references:date:subject:fcc :content-transfer-encoding:mime-version:to:cc; bh=e9kAy1hNhj5Sc7aTm650SFJdxjeG7UpvPDKX1g2Yhyg=; b=cqeQk3nag4yc+MfijCRcf24YYZuqVwM5bJF8sly399P88mz6quRh2HxerDSVmvetAQ T5788be576MRLxttdu/ZqkFiyur/06M6EMmw/EJeeJ2CckE0uP/4Tpx7S98rMg6CpqX6 vStBgB+EP2vYOjekvCrtAxvrEhPYuSGntKR+Q4RAQVqyeoj/Z0z/krD5bFC4xYkJtYRt sV1HNqwwLkQ5S3lnwMJ2WrlEii2ZN9DaWl3juSQNhtrZTxumjtekICwcd26xnfptwbej 8MGIdc8pCexowAwh1IWThwsoi+fjwsofBwoT/9mqHmqeEmiBLQTGkOx7ksp+q6lZojR7 YQBQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:message-id:in-reply-to:references:date :subject:fcc:content-transfer-encoding:mime-version:to:cc; bh=e9kAy1hNhj5Sc7aTm650SFJdxjeG7UpvPDKX1g2Yhyg=; b=vlNVtxsmNsfmLHekyrCADIa32uY9EdqAWYW0OMsgy8keInegF68limF2U5+P/tD+gV DP2MyhcwtTcYkp4TWhUU5/wInn4bFzE6C9uRdQ+4UjU1+9bcP8CCIk1kr/n5gaSarfHQ ZbzfF6kZycgEWvpov1L3Rqu4kMl3+Didj5rkVSwOi70DQgJ6U2WhUj+3mlZyQHsJ9qzB 9hUb9ZWKU8t2T9tc08D0ZlHA+bQTUV/KvjIgWgW/YfEhJtTvoOMYo06zA/PhoDFIkKoW 7Ah/tnA86CFaXmvH4BnNsq4sRuiqGVWDOUAL1CIVozB7u8j2cNrYiFADNV8qMGrpm/cE VuPg== X-Gm-Message-State: AOAM531buogMBEWInpiW2bjO9HnLKV4Mb/i+Gtg+xzsC1TS86qHuno7c 0Pb6gNjV6D82+UG5sOvxImtNDMToWbo9hA== X-Received: by 2002:a17:902:7c83:b0:162:64e:8c19 with SMTP id y3-20020a1709027c8300b00162064e8c19mr1514044pll.9.1653110503465; Fri, 20 May 2022 22:21:43 -0700 (PDT) Received: from [127.0.0.1] (master.gitmailbox.com. [34.83.118.50]) by smtp.gmail.com with ESMTPSA id t12-20020a170902e84c00b0015e8d4eb244sm149370plg.142.2022.05.20.22.21.42 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Fri, 20 May 2022 22:21:43 -0700 (PDT) From: softworkz X-Google-Original-From: softworkz Message-Id: In-Reply-To: References: Date: Sat, 21 May 2022 05:21:32 +0000 Fcc: Sent MIME-Version: 1.0 To: ffmpeg-devel@ffmpeg.org Subject: [FFmpeg-devel] [PATCH v5 02/10] libavformat/asfdec: fix get_value return type and add checks for X-BeenThere: ffmpeg-devel@ffmpeg.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: FFmpeg development discussions and patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: FFmpeg development discussions and patches Cc: Michael Niedermayer , softworkz , Andreas Rheinhardt Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" X-TUID: EdGJti/0TVYz From: softworkz unsupported values get_value had a return type of int, which means that reading QWORDS (case 4) was broken due to truncation of the result from avio_rl64(). Signed-off-by: softworkz --- libavformat/asfdec_f.c | 57 +++++++++++++++++++++++++++++++----------- 1 file changed, 43 insertions(+), 14 deletions(-) diff --git a/libavformat/asfdec_f.c b/libavformat/asfdec_f.c index 4770a812db..c7c4ba55d6 100644 --- a/libavformat/asfdec_f.c +++ b/libavformat/asfdec_f.c @@ -203,7 +203,7 @@ static int asf_probe(const AVProbeData *pd) /* size of type 2 (BOOL) is 32bit for "Extended Content Description Object" * but 16 bit for "Metadata Object" and "Metadata Library Object" */ -static int get_value(AVIOContext *pb, int type, int type2_size) +static uint64_t get_value(AVIOContext *pb, int type, int type2_size) { switch (type) { case ASF_BOOL: @@ -549,6 +549,8 @@ static int asf_read_ext_content_desc(AVFormatContext *s) { AVIOContext *pb = s->pb; ASFContext *asf = s->priv_data; + uint64_t dar_num = 0; + uint64_t dar_den = 0; int desc_count, i, ret; desc_count = avio_rl16(pb); @@ -568,14 +570,27 @@ static int asf_read_ext_content_desc(AVFormatContext *s) /* My sample has that stream set to 0 maybe that mean the container. * ASF stream count starts at 1. I am using 0 to the container value * since it's unused. */ - if (!strcmp(name, "AspectRatioX")) - asf->dar[0].num = get_value(s->pb, value_type, 32); - else if (!strcmp(name, "AspectRatioY")) - asf->dar[0].den = get_value(s->pb, value_type, 32); + if (!strcmp(name, "AspectRatioX")) { + dar_num = get_value(s->pb, value_type, 32); + if (dar_num > INT64_MAX) { + av_log(s, AV_LOG_DEBUG, "Unsupported AspectRatioX value: %"PRIu64"\n", dar_num); + return AVERROR(ENOTSUP); + } + } + else if (!strcmp(name, "AspectRatioY")) { + dar_den = get_value(s->pb, value_type, 32); + if (dar_den > INT64_MAX) { + av_log(s, AV_LOG_DEBUG, "Unsupported AspectRatioY value: %"PRIu64"\n", dar_den); + return AVERROR(ENOTSUP); + } + } else get_tag(s, name, value_type, value_len, 32); } + if (dar_num && dar_den) + av_reduce(&asf->dar[0].num, &asf->dar[0].den, dar_num, dar_den, INT_MAX); + return 0; } @@ -603,6 +618,8 @@ static int asf_read_metadata(AVFormatContext *s) { AVIOContext *pb = s->pb; ASFContext *asf = s->priv_data; + uint64_t dar_num[128] = {0}; + uint64_t dar_den[128] = {0}; int n, stream_num, name_len_utf16, name_len_utf8, value_len; int ret, i; n = avio_rl16(pb); @@ -630,17 +647,29 @@ static int asf_read_metadata(AVFormatContext *s) av_log(s, AV_LOG_TRACE, "%d stream %d name_len %2d type %d len %4d <%s>\n", i, stream_num, name_len_utf16, value_type, value_len, name); - if (!strcmp(name, "AspectRatioX")){ - int aspect_x = get_value(s->pb, value_type, 16); - if(stream_num < 128) - asf->dar[stream_num].num = aspect_x; - } else if(!strcmp(name, "AspectRatioY")){ - int aspect_y = get_value(s->pb, value_type, 16); - if(stream_num < 128) - asf->dar[stream_num].den = aspect_y; - } else { + if (!strcmp(name, "AspectRatioX") && stream_num < 128) { + dar_num[stream_num] = get_value(s->pb, value_type, 16); + if (dar_num[stream_num] > INT64_MAX) { + av_log(s, AV_LOG_DEBUG, "Unsupported AspectRatioX value: %"PRIu64"\n", dar_num[stream_num]); + return AVERROR(ENOTSUP); + } + } + else if (!strcmp(name, "AspectRatioY") && stream_num < 128) { + dar_den[stream_num] = get_value(s->pb, value_type, 16); + if (dar_den[stream_num] > INT64_MAX) { + av_log(s, AV_LOG_DEBUG, "Unsupported AspectRatioY value: %"PRIu64"\n", dar_den[stream_num]); + return AVERROR(ENOTSUP); + } + } else get_tag(s, name, value_type, value_len, 16); + + + if (stream_num < 128 && dar_num[stream_num] && dar_den[stream_num]) { + av_reduce(&asf->dar[stream_num].num, &asf->dar[stream_num].den, dar_num[stream_num], dar_den[stream_num], INT_MAX); + dar_num[stream_num] = 0; + dar_den[stream_num] = 0; } + av_freep(&name); } From patchwork Sat May 21 05:21:33 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Aman Karmani X-Patchwork-Id: 35862 Delivered-To: ffmpegpatchwork2@gmail.com Received: by 2002:a05:6a21:9992:b0:82:461d:f3b with SMTP id ve18csp919823pzb; Fri, 20 May 2022 22:22:21 -0700 (PDT) X-Google-Smtp-Source: ABdhPJyYpsrzccAXbbLAFCLkW2ZGhmF7jrol6nMNBYqt7fCwJMXmm2sFhJuNaS4itulGMB8hDZDM X-Received: by 2002:a17:907:6da3:b0:6f4:6b70:33d4 with SMTP id sb35-20020a1709076da300b006f46b7033d4mr11594689ejc.51.1653110541582; Fri, 20 May 2022 22:22:21 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1653110541; cv=none; d=google.com; s=arc-20160816; b=lJiVVHEAeRES1H0TUL7pnrUxP7azLCK+RyfHDfqEeQpSoq+nsIsGBPHdFQYQ40/vCu ARfcBXtM99QMhajkzY7uuBTf+q/RXLzRSKxId7SBa/3kE0lM/qKo6eqXz/94Omb8nNeW ZB+MbOLMBVAtk8Ix+jE2PIL0S+TJao/708XQfp05PZPweYUmSnh1ZYjA68BJVvxRane6 olhZWq7NW/hi58LaXUxZPh6xr+zzTV19kXCX2jGysSgwPE5OBN1QWw2XqiEudP/RNH43 K+ZvHJ2q56kYwnwV6HKYP25UHOx7bZxXoZUOdB/Cli33J1g4UbgXw3qvgl8pZ+VP0LFb rD8g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:content-transfer-encoding:cc:reply-to :list-subscribe:list-help:list-post:list-archive:list-unsubscribe :list-id:precedence:subject:to:mime-version:fcc:date:references :in-reply-to:message-id:from:dkim-signature:delivered-to; bh=/FBzym2XwFRNgiw+QbYgvKnhRGGJovBP1aBn8/B7lnY=; b=LT+ULT8YEBrhY32txwpuOQNdSljNlZ1v+yQaNAwTOfT6J4Wsgqjwk1waL93HVqBfRr wtgI6D94mEh6CV2fzHani1vJ06xM0rhV8YOqnqcEK9WXa1B/9JR8h9t4nysT6p3hfCSS 1xN7LJo1hG3KjUvK9pP7D+Zymt1xulQl3/1TIIJc4P1cAdw0t98B7aDgF4uibK5DhVsu q591pmpa6lxtpsO4XGggOCGAuzCIc0NJViTk8Q7feBcb63dE6uibM0a8ilumru/lle2v W5qxcFo0xaglg5u3cwt4L6zWYlTWRGJCITj+6Jcu6+gg4yHZ0nuKW5aboGrRZjTg9u6d BABg== ARC-Authentication-Results: i=1; mx.google.com; dkim=neutral (body hash did not verify) header.i=@gmail.com header.s=20210112 header.b=ipfCIklB; spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org; dmarc=fail (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org. [79.124.17.100]) by mx.google.com with ESMTP id c3-20020aa7c743000000b00423fb5cb330si9394616eds.187.2022.05.20.22.22.20; Fri, 20 May 2022 22:22:21 -0700 (PDT) Received-SPF: pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) client-ip=79.124.17.100; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@gmail.com header.s=20210112 header.b=ipfCIklB; spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org; dmarc=fail (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: from [127.0.1.1] (localhost [127.0.0.1]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id 2C3D468B4E6; Sat, 21 May 2022 08:21:54 +0300 (EEST) X-Original-To: ffmpeg-devel@ffmpeg.org Delivered-To: ffmpeg-devel@ffmpeg.org Received: from mail-pj1-f54.google.com (mail-pj1-f54.google.com [209.85.216.54]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id 5B01868B4BF for ; Sat, 21 May 2022 08:21:46 +0300 (EEST) Received: by mail-pj1-f54.google.com with SMTP id l14so9645487pjk.2 for ; Fri, 20 May 2022 22:21:46 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=from:message-id:in-reply-to:references:date:subject:fcc :content-transfer-encoding:mime-version:to:cc; bh=vFC9J6gUyCuHzxh2glSoTSiclVhHxySFo9/Q3ots71w=; b=ipfCIklBS6yu8gJ95YFD76oV0Ef7RnIYg5iHS/k9OL/TtVbZZkXIbLF3W/fF1hQj/n QB6qhT53YKzEm3V6CP4iijqJWsHFCiYkdMebc0Uh8E+FcS4qTTehwIVq1cK0LFNWVvg/ 27u4XbKzRDbAiZ11j6rKiBmuYUqyno9plMfAE8XltmtGgw+gLxkqls+UUeEAWWcUZk8r wWnxkCRtr5uEPbLr9cNqGX9gxFN1gteC5dFrzi9XOOfX88ehyZte6kHZdp9pzYyZ3dQK GHOcXmptddwzL/679hdHArv+Bh4wNxmNQe4NLu+v7K1AUMoldUeJ4Nji3SLr2Ubos/q8 VROw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:message-id:in-reply-to:references:date :subject:fcc:content-transfer-encoding:mime-version:to:cc; bh=vFC9J6gUyCuHzxh2glSoTSiclVhHxySFo9/Q3ots71w=; b=oDIDi43OHVKVE/i4e/4jbGuiFfSv+qqil49v4xDt9kxv2Qa3h5m0Gwu2m2Pn4ANrYG 3C4ldPlkyqK5dOvGsVplcw49pi58cHr04UIr6QyTd7ZANn5tLDmrTPN/kzVd1R8VLg5q 7ID+oGJb33epxAmj8GphQdmOtXR94nP35SX2S1OvFeNfP/sYLwFpBXSNdOanrI6Y9A+g hXVPXpQ9TN23bKKLLyHVSFmEw1KVfhnA6EBVYVg33HCxme0ngvZX/WQ0FA3OWmpenbEq vFS2xLCzXibpkkbU/4RzQ/nQHBqoO/gHWrlpjYLHYj7sEd6HLbTfjNzLGmGO7zms31ga Q0iA== X-Gm-Message-State: AOAM530Hjf+LwSrjWg1KkwHSjGh84DilGXDeF9Zr76ylMM+iu1pETPW9 2TMMe3wOC2fM1Nlhfn/alqsXrKb/2NG4zQ== X-Received: by 2002:a17:902:c412:b0:161:af8b:f472 with SMTP id k18-20020a170902c41200b00161af8bf472mr12642144plk.56.1653110504521; Fri, 20 May 2022 22:21:44 -0700 (PDT) Received: from [127.0.0.1] (master.gitmailbox.com. [34.83.118.50]) by smtp.gmail.com with ESMTPSA id q19-20020a170902f35300b0015ebb3bf277sm609329ple.238.2022.05.20.22.21.43 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Fri, 20 May 2022 22:21:44 -0700 (PDT) From: softworkz X-Google-Original-From: softworkz Message-Id: <99660db6ef5853f9af000b2e0844a39ae9475c18.1653110500.git.ffmpegagent@gmail.com> In-Reply-To: References: Date: Sat, 21 May 2022 05:21:33 +0000 Fcc: Sent MIME-Version: 1.0 To: ffmpeg-devel@ffmpeg.org Subject: [FFmpeg-devel] [PATCH v5 03/10] libavformat/asfdec: fix type of value_len X-BeenThere: ffmpeg-devel@ffmpeg.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: FFmpeg development discussions and patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: FFmpeg development discussions and patches Cc: Michael Niedermayer , softworkz , Andreas Rheinhardt Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" X-TUID: w9xS63astpuo From: softworkz The value_len is an uint32 not an int32 per spec. That value must not be truncated, neither by casting to int, nor by any conditional checks, because at the end of get_tag, this value is needed to move forward in parsing. When the len value gets modified, the parsing may break. Signed-off-by: softworkz --- libavformat/asfdec_f.c | 24 +++++++++++------------- 1 file changed, 11 insertions(+), 13 deletions(-) diff --git a/libavformat/asfdec_f.c b/libavformat/asfdec_f.c index c7c4ba55d6..eda7175c96 100644 --- a/libavformat/asfdec_f.c +++ b/libavformat/asfdec_f.c @@ -219,7 +219,7 @@ static uint64_t get_value(AVIOContext *pb, int type, int type2_size) } } -static void get_tag(AVFormatContext *s, const char *key, int type, int len, int type2_size) +static void get_tag(AVFormatContext *s, const char *key, int type, uint32_t len, int type2_size) { ASFContext *asf = s->priv_data; char *value = NULL; @@ -529,7 +529,7 @@ static int asf_read_ext_stream_properties(AVFormatContext *s) static int asf_read_content_desc(AVFormatContext *s) { AVIOContext *pb = s->pb; - int len1, len2, len3, len4, len5; + uint32_t len1, len2, len3, len4, len5; len1 = avio_rl16(pb); len2 = avio_rl16(pb); @@ -620,25 +620,23 @@ static int asf_read_metadata(AVFormatContext *s) ASFContext *asf = s->priv_data; uint64_t dar_num[128] = {0}; uint64_t dar_den[128] = {0}; - int n, stream_num, name_len_utf16, name_len_utf8, value_len; + int n, name_len_utf8; + uint16_t stream_num, name_len_utf16, value_type; + uint32_t value_len; int ret, i; n = avio_rl16(pb); for (i = 0; i < n; i++) { uint8_t *name; - int value_type; avio_rl16(pb); // lang_list_index - stream_num = avio_rl16(pb); - name_len_utf16 = avio_rl16(pb); - value_type = avio_rl16(pb); /* value_type */ - value_len = avio_rl32(pb); + stream_num = (uint16_t)avio_rl16(pb); + name_len_utf16 = (uint16_t)avio_rl16(pb); + value_type = (uint16_t)avio_rl16(pb); /* value_type */ + value_len = avio_rl32(pb); - if (value_len < 0 || value_len > UINT16_MAX) - return AVERROR_INVALIDDATA; - - name_len_utf8 = 2*name_len_utf16 + 1; - name = av_malloc(name_len_utf8); + name_len_utf8 = 2 * name_len_utf16 + 1; + name = av_malloc(name_len_utf8); if (!name) return AVERROR(ENOMEM); From patchwork Sat May 21 05:21:34 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Aman Karmani X-Patchwork-Id: 35863 Delivered-To: ffmpegpatchwork2@gmail.com Received: by 2002:a05:6a21:9992:b0:82:461d:f3b with SMTP id ve18csp919849pzb; Fri, 20 May 2022 22:22:31 -0700 (PDT) X-Google-Smtp-Source: ABdhPJya/d6/Yo/sMDW6D3XuAloBhwuXv2MVvR/cdVL/FCMpR8fkiXaZDWvZx4U0DFakcwPbBXC1 X-Received: by 2002:a17:907:7f0c:b0:6fa:8f52:98fc with SMTP id qf12-20020a1709077f0c00b006fa8f5298fcmr11321354ejc.454.1653110551641; Fri, 20 May 2022 22:22:31 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1653110551; cv=none; d=google.com; s=arc-20160816; b=V4E7ULXcgaC2taSydc07eUz2Bx4DRxrbt8aB2BJgr3mqfvO8ut+6RDgNufJ4sDNovi hfUPkVc9xklXAGkeGwQ3YBarlcU7F2Fc7pTGq/ofiAcB9X+IB4oXcOcZJ+EGboGcklcq smgJgHepNYMzWvA7OzwTpYQ7PC+cogRi9JfWaIZUl6VfG0F+mF7+gP9Jnrotcat8hIW8 1OdibEk6kRWbtx3MES/MQo31kqMevWnBzHqZiq+uzvRjLhXmg+xb8Lqr9h1HprmZhIvH gm4uBlxnwH0yYQuzB9dFEu/wAVK1RhzGrWI5Y9e7WDcO+kK/UzOlOpF3+m2oswKcctqi 08kA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:content-transfer-encoding:cc:reply-to :list-subscribe:list-help:list-post:list-archive:list-unsubscribe :list-id:precedence:subject:to:mime-version:fcc:date:references :in-reply-to:message-id:from:dkim-signature:delivered-to; bh=89mZpGzjOtRjqpzUR+O5C6P5fDYN97LSlQ1VWbJa/n8=; b=FwOwC5R0sWScuejAaHogR/e2zpwMBVk0wnsDehP0MfPRedeSo0MmdvtdTK2eTmkSZf +Eukqe1xFVb/tz3R2ekOqOTUpLobn7Z9xH4xQvXsM9SZQDPEudaQmDMipAZgcWrTkvkl +mIPFwBqxBbzooTIAqWK7O5aOuE87wIScYocdYptT+SACzdt0VK2tNcV7WYdTzBrpV5j ZyQOkEPnMQbxd4AXN3iaScTuxZh7GkMDHFhe1TbLDYe4gn9Lw1EFb6O/iQBdmTa5F7ek aBLLqb1g8F/RonjIRCe2V+iALI9kfMB0+CWvISBiOwonyTLavSPFouqaJIyU1ytLEc9I TJow== ARC-Authentication-Results: i=1; mx.google.com; dkim=neutral (body hash did not verify) header.i=@gmail.com header.s=20210112 header.b=djULgYf0; spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org; dmarc=fail (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org. [79.124.17.100]) by mx.google.com with ESMTP id do18-20020a170906c11200b006fe89b99be7si750109ejc.873.2022.05.20.22.22.30; Fri, 20 May 2022 22:22:31 -0700 (PDT) Received-SPF: pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) client-ip=79.124.17.100; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@gmail.com header.s=20210112 header.b=djULgYf0; spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org; dmarc=fail (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: from [127.0.1.1] (localhost [127.0.0.1]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id 1C9CB68B379; Sat, 21 May 2022 08:21:55 +0300 (EEST) X-Original-To: ffmpeg-devel@ffmpeg.org Delivered-To: ffmpeg-devel@ffmpeg.org Received: from mail-pf1-f182.google.com (mail-pf1-f182.google.com [209.85.210.182]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id 52E1A68B49C for ; Sat, 21 May 2022 08:21:47 +0300 (EEST) Received: by mail-pf1-f182.google.com with SMTP id v11so9308071pff.6 for ; Fri, 20 May 2022 22:21:47 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=from:message-id:in-reply-to:references:date:subject:fcc :content-transfer-encoding:mime-version:to:cc; bh=D9c7VBND5lM6c2l/hN37gsSq6r7rOHfuot8SuI5nRzI=; b=djULgYf0YvK29VTvigaI0KyYOKAFo9WwEU+g5IWcyfKuPvFrZLtSsGXvr0BNhuwRqt QTqM1wMcteuaiYg+/IvFQb18RK0PGwWRdRIx9TXOYD7+H5wm6sbRNaL2TIfUdlDyaa2k RQ9oYNL+XsW9VXQVNwH+pVQ9Eepw3Go44Ry35beLLK/TAhlkTdy7dRIKxeZic1lhhgBF 1SOMISjgPzaQAxDPi8Sy8VEe6f9V8P7jx/PYs4Tf3EMJ1iyUfSIqETudXgN7umtqm8+G 3KdcTLNuURJFw8VATiL+sVxz6u55FEoUYEH4Ya6Yp+Tl/uoB/DZOanU8Ygy/+nnoZbw4 WkvQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:message-id:in-reply-to:references:date :subject:fcc:content-transfer-encoding:mime-version:to:cc; bh=D9c7VBND5lM6c2l/hN37gsSq6r7rOHfuot8SuI5nRzI=; b=63NhR5Zo946v/c7KrL2IwUb8ORlfWeN/zlIyI696rI6FFtv0b71jwKoAeHucUmFT/C gb/PKvWeTy+uQ8eUpkeVEWc3mxpzbjM3JvPXZTK57eM2/BA8VIyehNvG2lw+QbJT9vab pXla+J/pGTn+4hNLhNPvX4AF2xK/0Fvoy+fvLoX57z710oQi3aIScFVLGMSDkZkYLgIs pXzzW1X+6kL/4GGfHETQRBL7ECKdINkj8OkAGxrYDpgw09u0Fd3Dwvus83MJ2gJORJTy ufJzubMGroBqrZUkYkH6OIJaR3R+SPSpY0Ex7D+WCRArdiBOr/G/2gf/hr/Kk0moek2F daSQ== X-Gm-Message-State: AOAM533iOrHwCxC0SMQnBpJg2/6i0a2FT22zt/K+sLmXjgX59ocYz2bo 1XDGB7zgA0hW+uDUFqhGGR2tBMSoIS0PfQ== X-Received: by 2002:a05:6a02:106:b0:36c:96dd:8c17 with SMTP id bg6-20020a056a02010600b0036c96dd8c17mr11732901pgb.190.1653110505604; Fri, 20 May 2022 22:21:45 -0700 (PDT) Received: from [127.0.0.1] (master.gitmailbox.com. [34.83.118.50]) by smtp.gmail.com with ESMTPSA id q2-20020a655242000000b003f65560a1a7sm238235pgp.53.2022.05.20.22.21.45 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Fri, 20 May 2022 22:21:45 -0700 (PDT) From: softworkz X-Google-Original-From: softworkz Message-Id: <8aaab15e8b42a4b92df2166c1b393c923249d06a.1653110500.git.ffmpegagent@gmail.com> In-Reply-To: References: Date: Sat, 21 May 2022 05:21:34 +0000 Fcc: Sent MIME-Version: 1.0 To: ffmpeg-devel@ffmpeg.org Subject: [FFmpeg-devel] [PATCH v5 04/10] libavformat/asfdec: fixing get_tag X-BeenThere: ffmpeg-devel@ffmpeg.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: FFmpeg development discussions and patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: FFmpeg development discussions and patches Cc: Michael Niedermayer , softworkz , Andreas Rheinhardt Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" X-TUID: ENR0relWLLfs From: softworkz These three are closely related and can't be separated easily: In get_tag, the code was adding 22 bytes (in order to allow it to hold 64bit numbers as string) to the value len for creating creating a buffer. This was unnecessarily imposing a size-constraint on the value_len parameter. The code in get_tag, was limiting the maximum value_len to half the size of INT32. This was applied for all value types, even though it is required only in case of ASF_UNICODE, not for any other ones (like ASCII). get_tag was always allocating a buffer regardless of the datatype, even though this isn't required in case of ASF_BYTE_ARRAY The check for the return value from ff_asf_handle_byte_array() being >0 is removed here because the log message is emitted by the function itself now. Signed-off-by: softworkz --- libavformat/asfdec_f.c | 54 +++++++++++++++++++++++++++++++----------- 1 file changed, 40 insertions(+), 14 deletions(-) diff --git a/libavformat/asfdec_f.c b/libavformat/asfdec_f.c index eda7175c96..cb7da2d679 100644 --- a/libavformat/asfdec_f.c +++ b/libavformat/asfdec_f.c @@ -222,37 +222,63 @@ static uint64_t get_value(AVIOContext *pb, int type, int type2_size) static void get_tag(AVFormatContext *s, const char *key, int type, uint32_t len, int type2_size) { ASFContext *asf = s->priv_data; - char *value = NULL; int64_t off = avio_tell(s->pb); -#define LEN 22 - - av_assert0((unsigned)len < (INT_MAX - LEN) / 2); + char *value = NULL; + uint64_t required_bufferlen; + int buffer_len; if (!asf->export_xmp && !strncmp(key, "xmp", 3)) goto finish; - value = av_malloc(2 * len + LEN); + switch (type) { + case ASF_UNICODE: + required_bufferlen = (uint64_t)len * 2 + 1; + break; + case -1: // ASCII + required_bufferlen = (uint64_t)len + 1; + break; + case ASF_BYTE_ARRAY: + ff_asf_handle_byte_array(s, key, len); + goto finish; + case ASF_BOOL: + case ASF_DWORD: + case ASF_QWORD: + case ASF_WORD: + required_bufferlen = 22; + break; + case ASF_GUID: + required_bufferlen = 33; + break; + default: + required_bufferlen = len; + break; + } + + if (required_bufferlen > INT32_MAX) { + av_log(s, AV_LOG_VERBOSE, "Unable to handle values > INT32_MAX in tag %s.\n", key); + goto finish; + } + + buffer_len = (int)required_bufferlen; + + value = av_malloc(buffer_len); if (!value) goto finish; switch (type) { case ASF_UNICODE: - avio_get_str16le(s->pb, len, value, 2 * len + 1); + avio_get_str16le(s->pb, len, value, buffer_len); break; - case -1: // ASCI - avio_read(s->pb, value, len); - value[len]=0; + case -1: // ASCII + avio_read(s->pb, value, buffer_len - 1); + value[buffer_len - 1] = 0; break; - case ASF_BYTE_ARRAY: - if (ff_asf_handle_byte_array(s, key, len) > 0) - av_log(s, AV_LOG_VERBOSE, "Unsupported byte array in tag %s.\n", key); - goto finish; case ASF_BOOL: case ASF_DWORD: case ASF_QWORD: case ASF_WORD: { uint64_t num = get_value(s->pb, type, type2_size); - snprintf(value, LEN, "%"PRIu64, num); + snprintf(value, buffer_len, "%"PRIu64, num); break; } case ASF_GUID: From patchwork Sat May 21 05:21:35 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Aman Karmani X-Patchwork-Id: 35864 Delivered-To: ffmpegpatchwork2@gmail.com Received: by 2002:a05:6a21:9992:b0:82:461d:f3b with SMTP id ve18csp919877pzb; Fri, 20 May 2022 22:22:40 -0700 (PDT) X-Google-Smtp-Source: ABdhPJzjsIZcjTJiGlwiR1O6k/WKxool70BwP6QRWXE3N4WkEW37X99I0usHHBBeBWgO0+yfLT4I X-Received: by 2002:a05:6402:2993:b0:42a:b25c:c9ce with SMTP id eq19-20020a056402299300b0042ab25cc9cemr14057446edb.0.1653110560566; Fri, 20 May 2022 22:22:40 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1653110560; cv=none; d=google.com; s=arc-20160816; b=azk0N3dqIUnpK2Hs3DDoluQik7Mo11Pv1AJ0U/ZMbOAzZr4CZDW+S5Bc40jxM1c9pR KPivuEg35SLgl+PodLmSqy9bVNzKp6oDS+xaAmmaKjIIaeBq9fW1QxOCMxmawclEb4vz FdOi0bxLB1di7iozWJsCJu/IdN6jXfiJ1o0uKZLiffX6L8AoBsrzMIwcbwmjKqkeVM0b s5s5NNxFisQjuGwi4U6dNPMdzloR7HwJ+lSpXWfb8WOwf27pFrkyYnA04Z1o5buZzDYl KRoZa/4SG6PF+NZksHa051lv/aA+bAIErSmg1LIwLMKZ2Mj8sdcymcAdYuZdYNULHU3r P99w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:content-transfer-encoding:cc:reply-to :list-subscribe:list-help:list-post:list-archive:list-unsubscribe :list-id:precedence:subject:to:mime-version:fcc:date:references :in-reply-to:message-id:from:dkim-signature:delivered-to; bh=+sXsHIu5iwCtmM5dqUlj8iSAMJwIA5aSY8gVwlCOyGU=; b=gt40/cen69B5GccmNFuolfdxV2tEa73FT8sv7JKy502yUIMTCRpWL9C+FNRW3uZaeb GqtuVTKqddqPyYF4Ditw7gTjEKHxdXzsq+gPNlM4GZaQiHr5XP3HGaED2LVu6+sZwjn+ GT9VVSZRmtGfRYUzSR7qkIb7CP10525twVqDNu612kTMiglWvu2FFx7SJFDFZ9+YkHG6 EFgdMMMD7Lm06ubVSLj2Gsh+fqG2A4BZJmw2lXlIUuqF1SvK/emtoKAsxpf/G5EXRZfY ZfM5povmtBuwq9mkdFgIUZCRwLuILxc7jXVxmSh4V176jKhMkUobM0oIaKokBGnF1nnG zWUQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=neutral (body hash did not verify) header.i=@gmail.com header.s=20210112 header.b=Snw3ONXo; spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org; dmarc=fail (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org. [79.124.17.100]) by mx.google.com with ESMTP id u6-20020aa7d546000000b0042aa9beb66dsi8680426edr.417.2022.05.20.22.22.40; Fri, 20 May 2022 22:22:40 -0700 (PDT) Received-SPF: pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) client-ip=79.124.17.100; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@gmail.com header.s=20210112 header.b=Snw3ONXo; spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org; dmarc=fail (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: from [127.0.1.1] (localhost [127.0.0.1]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id 0135468B4E3; Sat, 21 May 2022 08:21:56 +0300 (EEST) X-Original-To: ffmpeg-devel@ffmpeg.org Delivered-To: ffmpeg-devel@ffmpeg.org Received: from mail-pg1-f172.google.com (mail-pg1-f172.google.com [209.85.215.172]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id 3644268B3C7 for ; Sat, 21 May 2022 08:21:48 +0300 (EEST) Received: by mail-pg1-f172.google.com with SMTP id h186so9339573pgc.3 for ; Fri, 20 May 2022 22:21:48 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=from:message-id:in-reply-to:references:date:subject:fcc :content-transfer-encoding:mime-version:to:cc; bh=EWXQ2/QX6jkFRgzpve7Yj9q8QUBRv7hWik0E6ZcSLE8=; b=Snw3ONXo6mHxAFKiJ3YbMleTKfArZzOWm7cqXhwXoR359iUEDQzCkkUM1nX5M/fmNH rdJ+O2xDfR78tBXZhNFlrC2M2eOdfRRXdWFjIVAlj7uziHumCCmsvYdLnX8VhQML/VnQ NQ1/SmceuD1PHRAHQ6zz47010T7KYZ11WuqqR/c8VzbZJ8ViM6m4o/Rjmuu1ZQics4Jw eisc25ccz56TZ7SitVVuE2J4Xrh0f9R4Xbr56kyXr2RnxS/oEnrZjKHpdP/8Jm+CjU8Y 9OUcbBNXjEVQGIve0fEuA37Ya3dhYHb1XZ0ix/tYH+6X6aMkAHPrQIroPTfL4+7+FSEf BTTA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:message-id:in-reply-to:references:date :subject:fcc:content-transfer-encoding:mime-version:to:cc; bh=EWXQ2/QX6jkFRgzpve7Yj9q8QUBRv7hWik0E6ZcSLE8=; b=34E40WJfGo0Hag8zjNsQxhDWwpQ6OWSKe5jj4p41sUTTE6J7kRCYRDyrArILri6nO6 4NQcWy4iDlkOkVuSULAkibKSZR4kApJCFVFrywpWc9Qt24ihfbSLuhJ5lbffSzuy9Nlv jFXj1DVz7DwYsoQs7yterVn70Nk3BW5NvQ5rwOfBhGWJXN6NJIr85j7/8BHaUKT0qHvd mMczJXbJvhQZ3xguqhLPMfGgiO0Xz9k2ZmSrPQ95jzqDq5jQcC2xx4Oy6OQRnAKESnUU JH7PQZj0tYXkzT+p1cAjNMTmznR153HDpUF2wahXoLGHwQpngeuPNJrMmUFYRGIxhjgr LF5A== X-Gm-Message-State: AOAM531CEkrTDH1EpCcEerihzUJzbyms1QKjk6vpBwqYt2X1PT2Mu/aK kpt3naOhgjCTMUFVOtknXY4gMMav4/4+Pw== X-Received: by 2002:a65:6e44:0:b0:3db:219e:2250 with SMTP id be4-20020a656e44000000b003db219e2250mr11482327pgb.369.1653110506519; Fri, 20 May 2022 22:21:46 -0700 (PDT) Received: from [127.0.0.1] (master.gitmailbox.com. [34.83.118.50]) by smtp.gmail.com with ESMTPSA id p66-20020a62d045000000b0050dc762817csm2724043pfg.86.2022.05.20.22.21.45 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Fri, 20 May 2022 22:21:46 -0700 (PDT) From: softworkz X-Google-Original-From: softworkz Message-Id: In-Reply-To: References: Date: Sat, 21 May 2022 05:21:35 +0000 Fcc: Sent MIME-Version: 1.0 To: ffmpeg-devel@ffmpeg.org Subject: [FFmpeg-devel] [PATCH v5 05/10] libavformat/asfdec: implement parsing of GUID values X-BeenThere: ffmpeg-devel@ffmpeg.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: FFmpeg development discussions and patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: FFmpeg development discussions and patches Cc: Michael Niedermayer , softworkz , Andreas Rheinhardt Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" X-TUID: fd63MDqQ8GqY From: softworkz Signed-off-by: softworkz --- libavformat/asfdec_f.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/libavformat/asfdec_f.c b/libavformat/asfdec_f.c index cb7da2d679..81a29f99d5 100644 --- a/libavformat/asfdec_f.c +++ b/libavformat/asfdec_f.c @@ -281,9 +281,12 @@ static void get_tag(AVFormatContext *s, const char *key, int type, uint32_t len, snprintf(value, buffer_len, "%"PRIu64, num); break; } - case ASF_GUID: - av_log(s, AV_LOG_DEBUG, "Unsupported GUID value in tag %s.\n", key); - goto finish; + case ASF_GUID: { + ff_asf_guid g; + ff_get_guid(s->pb, &g); + snprintf(value, buffer_len, "%x", g[0]); + break; + } default: av_log(s, AV_LOG_DEBUG, "Unsupported value type %d in tag %s.\n", type, key); From patchwork Sat May 21 05:21:36 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Aman Karmani X-Patchwork-Id: 35865 Delivered-To: ffmpegpatchwork2@gmail.com Received: by 2002:a05:6a21:9992:b0:82:461d:f3b with SMTP id ve18csp919911pzb; Fri, 20 May 2022 22:22:50 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxUMCnJXx8/r0fBYsTwA1yZKqb9Wf3wQMpzcB7IhixFGmJnQd6ia1N8dp0NE5xM73/tVqkH X-Received: by 2002:a17:907:728f:b0:6f4:5d2d:38c8 with SMTP id dt15-20020a170907728f00b006f45d2d38c8mr11135043ejc.345.1653110570171; Fri, 20 May 2022 22:22:50 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1653110570; cv=none; d=google.com; s=arc-20160816; b=sraklhCW7XI2lNc/sThyGCsDqEBOjwQtIz5WlcqRGafnqCVMJxDGvCcHuzZq5P25q/ UFLLAfUVEKAKDzLtDH1IVZJokTgfaHlb+5VycHo7av3Ttac+n0xD140qf+TiE/KS+AOF Ld+jwonngrspB4gLIO9EHEotCzmzXmvh0ybEvef4ilYZRNcyaZljLlu+2Uykkf3FdoOG JTH7a1rJImsjfmFQ64SFRhbQOOsasYnxwfrxbHGY65eGYrdLS8CXRQ3un39OCWjF3Fj+ zEGHy8Y6OBxYSQai1jc5E8V+/ngYaKw1qxc85ZqOoObnsSJv7oPxD3ZdeP8LTL6ihgA0 sorA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:content-transfer-encoding:cc:reply-to :list-subscribe:list-help:list-post:list-archive:list-unsubscribe :list-id:precedence:subject:to:mime-version:fcc:date:references :in-reply-to:message-id:from:dkim-signature:delivered-to; bh=d+gNINdqrnx4Z8CWbmbfAR+gyf0fmDvsKWBxP6ZQNbo=; b=hKpD/n9ezawxlpyGUPZC/Nx1AFA7FBZjxpRLj5cwOqAw81+PqAfX5WNO4ryXT7WnIW Agtyn1LxcViBCncLd9qD62wgwrD46zPUuxZNgws6eaJWittaHKojRYd0RAp/yfVFauT2 BgfWhORBWmQ8MXTMASCuROpEdu+au++XV8hSQAII2nkXZS47ygP/0eJh4ha72zwpuJoW 3l2xvXRCJM5BjFi9rgqQL0ktLCHg9PBwQHudy1ppSt3XrBOewKa3hPdstlA0tDaWdWKl nExZ6GQLw3qOn9Vb9Unl+avvd2mtZlce45idx+aT6Rbb69rlcnJRsHjUUfnGMk81oPuU vfow== ARC-Authentication-Results: i=1; mx.google.com; dkim=neutral (body hash did not verify) header.i=@gmail.com header.s=20210112 header.b=m74dll0y; spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org; dmarc=fail (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org. [79.124.17.100]) by mx.google.com with ESMTP id hq24-20020a1709073f1800b006feb408957bsi3377221ejc.924.2022.05.20.22.22.49; Fri, 20 May 2022 22:22:50 -0700 (PDT) Received-SPF: pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) client-ip=79.124.17.100; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@gmail.com header.s=20210112 header.b=m74dll0y; spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org; dmarc=fail (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: from [127.0.1.1] (localhost [127.0.0.1]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id E8CEB68B506; Sat, 21 May 2022 08:21:57 +0300 (EEST) X-Original-To: ffmpeg-devel@ffmpeg.org Delivered-To: ffmpeg-devel@ffmpeg.org Received: from mail-pg1-f170.google.com (mail-pg1-f170.google.com [209.85.215.170]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id 1A41968B4A0 for ; Sat, 21 May 2022 08:21:49 +0300 (EEST) Received: by mail-pg1-f170.google.com with SMTP id a9so7313168pgv.12 for ; Fri, 20 May 2022 22:21:49 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=from:message-id:in-reply-to:references:date:subject:fcc :content-transfer-encoding:mime-version:to:cc; bh=vx2TslwIOcIR6Sni/VDSsIzDqWpQv9vOiRKO4krgmDA=; b=m74dll0ymuB1LGip82rd1pfvREqTeVSxodZUWYyt7ocA6LwmGfj0r162y/ofFCxwbl wAVqhmTveHvlTwfo2NnH90RyQYiF9BQDKXZ4d9VHXAPVSQkmrTYdMWMo3b542VrwckOw zQHrXMAr4t2FM31T2cWyLbj+ydiDQuzb8pQv/BWjg7GM/iqgkh9bxx4RGcFkWafltn75 v9Tu3liaYxkNxbYZwv0etxkPYJT/e+8oDWvf34n7BaQibqS5lW08V4OsRflWmIZdAkQ2 9sNzNIY+I7n7/esw2Hw/1p/xw/ILsoKNFbr9ZtOFehto0fYO8LCet6N6Yd1zjeGqNpas wB+A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:message-id:in-reply-to:references:date :subject:fcc:content-transfer-encoding:mime-version:to:cc; bh=vx2TslwIOcIR6Sni/VDSsIzDqWpQv9vOiRKO4krgmDA=; b=FRlE5SVMGqMIQKt5eHu4msafJIVrMNwk7wP2Nsz9tVKG8cEpSY+avMKSE+2SisLVgg kRAtmi02gwLp/lRWUXxZLdKftb7Wyfbc/uRnDzswRFTzOK9KU61G5Ip3IC8o1CwsceH7 EzZfMcx2JtOMbjIHfQzSd7cXcKMizEXSi8m4K1MwGWMAoabeUDL2k4isAVVTcF8nwixr wk2T9oivVMewcdg7K2mBklXCkJM+TlYfC4qyFtTqVTivHP5BQGT7GJuRNI8W2A3lx1gD 8KPPboaCJOz0qKy7oJJGV7IeJgwekLP6EEcOX9GN0MIyGSiTOXfPQxPGDfda6Ix75oXC hZ4A== X-Gm-Message-State: AOAM533zAQyYHK8nVHwYUskmbK0d57cjKjynTBiHeM5bZUi5AT/nYudI 6zD0xN7topj0gbZvzQYoQ59kQIi6AG4CDQ== X-Received: by 2002:a63:6901:0:b0:3f9:caa5:cffc with SMTP id e1-20020a636901000000b003f9caa5cffcmr3735727pgc.324.1653110507495; Fri, 20 May 2022 22:21:47 -0700 (PDT) Received: from [127.0.0.1] (master.gitmailbox.com. [34.83.118.50]) by smtp.gmail.com with ESMTPSA id y17-20020a170902d65100b001620ce2ca39sm81061plh.231.2022.05.20.22.21.46 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Fri, 20 May 2022 22:21:47 -0700 (PDT) From: softworkz X-Google-Original-From: softworkz Message-Id: In-Reply-To: References: Date: Sat, 21 May 2022 05:21:36 +0000 Fcc: Sent MIME-Version: 1.0 To: ffmpeg-devel@ffmpeg.org Subject: [FFmpeg-devel] [PATCH v5 06/10] libavformat/asfdec: avoid clang warnings X-BeenThere: ffmpeg-devel@ffmpeg.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: FFmpeg development discussions and patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: FFmpeg development discussions and patches Cc: Michael Niedermayer , softworkz , Andreas Rheinhardt Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" X-TUID: CdszMf+Nj0ze From: softworkz such as: - bugprone-macro-parentheses - wextra-semi-stmt Signed-off-by: softworkz --- libavformat/asfdec_f.c | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/libavformat/asfdec_f.c b/libavformat/asfdec_f.c index 81a29f99d5..91c3874ac7 100644 --- a/libavformat/asfdec_f.c +++ b/libavformat/asfdec_f.c @@ -906,21 +906,21 @@ static int asf_read_header(AVFormatContext *s) } #define DO_2BITS(bits, var, defval) \ - switch (bits & 3) { \ + switch ((bits) & 3) { \ case 3: \ - var = avio_rl32(pb); \ + (var) = avio_rl32(pb); \ rsize += 4; \ break; \ case 2: \ - var = avio_rl16(pb); \ + (var) = avio_rl16(pb); \ rsize += 2; \ break; \ case 1: \ - var = avio_r8(pb); \ + (var) = avio_r8(pb); \ rsize++; \ break; \ default: \ - var = defval; \ + (var) = (defval); \ break; \ } @@ -1003,9 +1003,9 @@ static int asf_get_packet(AVFormatContext *s, AVIOContext *pb) asf->packet_flags = c; asf->packet_property = d; - DO_2BITS(asf->packet_flags >> 5, packet_length, s->packet_size); - DO_2BITS(asf->packet_flags >> 1, padsize, 0); // sequence ignored - DO_2BITS(asf->packet_flags >> 3, padsize, 0); // padding length + DO_2BITS(asf->packet_flags >> 5, packet_length, s->packet_size) + DO_2BITS(asf->packet_flags >> 1, padsize, 0) // sequence ignored + DO_2BITS(asf->packet_flags >> 3, padsize, 0) // padding length // the following checks prevent overflows and infinite loops if (!packet_length || packet_length >= (1U << 29)) { @@ -1066,9 +1066,9 @@ static int asf_read_frame_header(AVFormatContext *s, AVIOContext *pb) asf->stream_index = asf->asfid2avid[num & 0x7f]; asfst = &asf->streams[num & 0x7f]; // sequence should be ignored! - DO_2BITS(asf->packet_property >> 4, asf->packet_seq, 0); - DO_2BITS(asf->packet_property >> 2, asf->packet_frag_offset, 0); - DO_2BITS(asf->packet_property, asf->packet_replic_size, 0); + DO_2BITS(asf->packet_property >> 4, asf->packet_seq, 0) + DO_2BITS(asf->packet_property >> 2, asf->packet_frag_offset, 0) + DO_2BITS(asf->packet_property, asf->packet_replic_size, 0) av_log(asf, AV_LOG_TRACE, "key:%d stream:%d seq:%d offset:%d replic_size:%d num:%X packet_property %X\n", asf->packet_key_frame, asf->stream_index, asf->packet_seq, asf->packet_frag_offset, asf->packet_replic_size, num, asf->packet_property); @@ -1144,7 +1144,7 @@ static int asf_read_frame_header(AVFormatContext *s, AVIOContext *pb) return AVERROR_INVALIDDATA; } if (asf->packet_flags & 0x01) { - DO_2BITS(asf->packet_segsizetype >> 6, asf->packet_frag_size, 0); // 0 is illegal + DO_2BITS(asf->packet_segsizetype >> 6, asf->packet_frag_size, 0) // 0 is illegal if (rsize > asf->packet_size_left) { av_log(s, AV_LOG_ERROR, "packet_replic_size is invalid\n"); return AVERROR_INVALIDDATA; From patchwork Sat May 21 05:21:37 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Aman Karmani X-Patchwork-Id: 35866 Delivered-To: ffmpegpatchwork2@gmail.com Received: by 2002:a05:6a21:9992:b0:82:461d:f3b with SMTP id ve18csp919944pzb; Fri, 20 May 2022 22:23:00 -0700 (PDT) X-Google-Smtp-Source: ABdhPJwggB3gf+zeftraQSV/nGb7eL1jrxFQE8HOC1CWDs2AK8c+iD+OAoFJ/qkZnmwuny5ausft X-Received: by 2002:a05:6402:2753:b0:423:3895:7031 with SMTP id z19-20020a056402275300b0042338957031mr13787214edd.170.1653110580433; Fri, 20 May 2022 22:23:00 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1653110580; cv=none; d=google.com; s=arc-20160816; b=y21ZieNQbimf4gtMztgQh+wU7d7BPOFC9eGt4U3Q7bWY40AmbXMhMiTCIFINSHTb4k DekO21mTbF8iSfJnGOmmG/BVvn0YNWF1y4RxvYSseKzRqr5Wjx67IWPlx+3NVadrc0V7 Np5j4LGV18clG9zmo7+29hwOt3ro9O7moKQhm/emp2+JefRFisKXFNNMavWqc5VQLAPn uquyRWbL3u2gFZsMJLOyl+/ZC34JodFMBItkrLUNptGl5pqoujey92tGft46quYdZnty xR9egKpxqvW2kCM9KYb1F4hRDPwiezoMA/ifgMOkwYgW8BgHJxPPK/ysnM+8Z4lEQ4oh o7hg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:content-transfer-encoding:cc:reply-to :list-subscribe:list-help:list-post:list-archive:list-unsubscribe :list-id:precedence:subject:to:mime-version:fcc:date:references :in-reply-to:message-id:from:dkim-signature:delivered-to; bh=1rAGnlAJNvZgc/WNIg4ccAJX6dEXBH4ra8lpIAutGB4=; b=qiacuPs3DPNCb327++p6JnRoafVKBleGnLPX7K9esO5pN3wLQIfBD2uTxdGGJqpZCy 1SaHy2QXubSIoJ1vb//ZKZ4gXylsttSiVMx+tkzadj8X3Mkn4W29pE07z74IaR8o6cJl /dQjQxi8lgrS5KfQB9n1WycGeu3Q2PptsQkr6YNh7sSuymNVwmWneeHN3VLJEz2Z8ZUn 83PoR5fn/Ofvrp9M2GYRLnpCQzQrmZUCRT0tU1mlV+FzTtN2SaZAFTlvN+UkkBukcs1l oQPmF2YDhJ2y6YGRFUFhoYO/x6NemxlJKGiZUNd0k6JuH3/NZVyevWcTMskA2s7X7gFZ TDtg== ARC-Authentication-Results: i=1; mx.google.com; dkim=neutral (body hash did not verify) header.i=@gmail.com header.s=20210112 header.b="bXya/sZq"; spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org; dmarc=fail (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org. [79.124.17.100]) by mx.google.com with ESMTP id ho14-20020a1709070e8e00b006fec10b986csi432618ejc.634.2022.05.20.22.22.59; Fri, 20 May 2022 22:23:00 -0700 (PDT) Received-SPF: pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) client-ip=79.124.17.100; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@gmail.com header.s=20210112 header.b="bXya/sZq"; spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org; dmarc=fail (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: from [127.0.1.1] (localhost [127.0.0.1]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id D5A4C68B4DC; Sat, 21 May 2022 08:21:58 +0300 (EEST) X-Original-To: ffmpeg-devel@ffmpeg.org Delivered-To: ffmpeg-devel@ffmpeg.org Received: from mail-pj1-f49.google.com (mail-pj1-f49.google.com [209.85.216.49]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id 04BDA68B379 for ; Sat, 21 May 2022 08:21:50 +0300 (EEST) Received: by mail-pj1-f49.google.com with SMTP id v5-20020a17090a7c0500b001df84fa82f8so9349828pjf.5 for ; Fri, 20 May 2022 22:21:49 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=from:message-id:in-reply-to:references:date:subject:fcc :content-transfer-encoding:mime-version:to:cc; bh=yzHwJgJrV+iip743k9ftZfJnHMwka3KcfJ0xROVDoJE=; b=bXya/sZqpyuw4AXnPPoNnPbWLEdcVllFuqT7YgMsbVBtOq/aUtO8Xb43wVYnjMRGyZ XSFs5mEhlVVxo8K7UnNdbvvBLkqwgfSTBFPq6YjcZmBWtI+OJ1XA+BVMaYi7/zM9qy9z g7EvjeGfqpmQQI6EhE5wFAm0AlUbG+oPf5Gq/riDrLDRe17rtnaKtaONtlr72bWAXfU0 4B7bFzDYfHeIYoQwYvhX8y9u/Ps5R6Yar5qYVxw4Z6K/4bZDhkJ089IN0d2mvcrrOKrg jy4tp989jz9fOu1lFvNq/zNN32mMX3WLHEuUUR7kkhZTgOWPif7gEZ0wU6VR6Sr9jzdP u/3w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:message-id:in-reply-to:references:date :subject:fcc:content-transfer-encoding:mime-version:to:cc; bh=yzHwJgJrV+iip743k9ftZfJnHMwka3KcfJ0xROVDoJE=; b=hVcN8W136DaFnLwW97wCK6yuq+i38SaZxKmERJ0hGEd+ao8pQ7r0Qe6V4NE5c/Kw/a Qa/hH71AIW8TAGH5GhiHkrk/xUxzjtAL5I+noBn/u+3B4BFh+UPhedmVna/2dFSGBj8W BAaLXiyordgOA24n7BPtwKgE4mXo8Ay1QtHvesc9r/QQJrJ5BW+9SFF4hr/sC1wScL5z PpO00JHw1kTcFqV/TofipCtPzb5mvmxTt8V26nofE7Wl9AZ/Ojp2pix/h5YJrGqq4p57 UXpdB8JQlAfZJZDDRODEmrsVMx4hnVTjV61kCr7lTZQWfWWi+S6Ae8iq51on4A6psQbf 8QRw== X-Gm-Message-State: AOAM533bfkVFqTIHrJkLi0ABfhwOItGSaTBcwFFfm3p8vH7Y+NWQzRP0 AcJAjZ7CvBBjl5PSkh0g94OprZGTAbuUsw== X-Received: by 2002:a17:903:234b:b0:161:cc0d:64c8 with SMTP id c11-20020a170903234b00b00161cc0d64c8mr13018129plh.37.1653110508450; Fri, 20 May 2022 22:21:48 -0700 (PDT) Received: from [127.0.0.1] (master.gitmailbox.com. [34.83.118.50]) by smtp.gmail.com with ESMTPSA id y128-20020a62ce86000000b0050dc7628130sm2811853pfg.10.2022.05.20.22.21.47 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Fri, 20 May 2022 22:21:48 -0700 (PDT) From: softworkz X-Google-Original-From: softworkz Message-Id: <0d032d9d4cf26eabe7ebd79874563f11f3763cd8.1653110500.git.ffmpegagent@gmail.com> In-Reply-To: References: Date: Sat, 21 May 2022 05:21:37 +0000 Fcc: Sent MIME-Version: 1.0 To: ffmpeg-devel@ffmpeg.org Subject: [FFmpeg-devel] [PATCH v5 07/10] libavformat/asfdec: remove variable redefinition in inner scope X-BeenThere: ffmpeg-devel@ffmpeg.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: FFmpeg development discussions and patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: FFmpeg development discussions and patches Cc: Michael Niedermayer , softworkz , Andreas Rheinhardt Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" X-TUID: mzIqcDTo9s5V From: softworkz Signed-off-by: softworkz --- libavformat/asfdec_f.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/libavformat/asfdec_f.c b/libavformat/asfdec_f.c index 91c3874ac7..fae15d9b05 100644 --- a/libavformat/asfdec_f.c +++ b/libavformat/asfdec_f.c @@ -1191,7 +1191,7 @@ static int asf_parse_packet(AVFormatContext *s, AVIOContext *pb, AVPacket *pkt) return AVERROR_EOF; if (asf->packet_size_left < FRAME_HEADER_SIZE || asf->packet_segments < 1 && asf->packet_time_start == 0) { - int ret = asf->packet_size_left + asf->packet_padsize; + ret = asf->packet_size_left + asf->packet_padsize; if (asf->packet_size_left && asf->packet_size_left < FRAME_HEADER_SIZE) av_log(s, AV_LOG_WARNING, "Skip due to FRAME_HEADER_SIZE\n"); @@ -1260,7 +1260,6 @@ static int asf_parse_packet(AVFormatContext *s, AVIOContext *pb, AVPacket *pkt) if (asf_st->pkt.size != asf_st->packet_obj_size || // FIXME is this condition sufficient? asf_st->frag_offset + asf->packet_frag_size > asf_st->pkt.size) { - int ret; if (asf_st->pkt.data) { av_log(s, AV_LOG_INFO, From patchwork Sat May 21 05:21:38 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Aman Karmani X-Patchwork-Id: 35867 Delivered-To: ffmpegpatchwork2@gmail.com Received: by 2002:a05:6a21:9992:b0:82:461d:f3b with SMTP id ve18csp919965pzb; Fri, 20 May 2022 22:23:10 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxR6RWRDEP81Rx5NjhuU62I+9w6Lpy6BoZbmAw8XGMTkuMA/bKrBdof2ePjML0WQ8QA+zG9 X-Received: by 2002:a17:907:9605:b0:6f5:c66:7c13 with SMTP id gb5-20020a170907960500b006f50c667c13mr11261446ejc.66.1653110590021; Fri, 20 May 2022 22:23:10 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1653110590; cv=none; d=google.com; s=arc-20160816; b=ErIzglKGEFN0Q/7ARP7o6aDdU7wUW/JZYEqiobMCKhqgALxIxEom0A4o+FkereYLCA +gnHLThWEioLRvGN5SgMae1HChjsHpmFTI2RltdBnmiW8/RIwPStQqoEihXbRSRorBRZ TIV0HFBxCtlR6fFtOR3ecK8F87Y5kpt9kf5TjAm/4Etsy08sBNwtWMTVvW/kegK1/5Jj /RGF7hNkpY+BBnqf4+LHU63A+MMRxp4oRsJOhSYAw202f9Iv1n5QKvqHe50+zPKBoAUY MuHc8ZXQMWYvpLvYEaXxSo9MvLGvWPHbDCRQ61P8gfCGG7KKXmokIN9nyYl9EarFUA/C 0Nxw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:content-transfer-encoding:cc:reply-to :list-subscribe:list-help:list-post:list-archive:list-unsubscribe :list-id:precedence:subject:to:mime-version:fcc:date:references :in-reply-to:message-id:from:dkim-signature:delivered-to; bh=5LMsIBm0l59Xm17pSt2J8UMdKgtZqxco0tgR/InLps8=; b=IsRaGDM8KwGtVl6yvN1xy5+5UErenrWha6TFtqBmhA4N3gJGna4P0pieyMZPUEUmiV 1XSUdFHUCc+9e/WhBfErd9kkQjD/yeVS8FLsufpU35lGPuCV4/GW66K2tunkJaxalNbV 3NiVCLSfy2Q0IL7kFOukrC90Rb4SI6PMQYN6ixZ6qn5/wIs5pq6TE4Ar0AqanlS30Jnp sb+UltaSkPynnzxK0gOpTtYmVZhwc5d8bP1cLYf7oyuqr+1DwZYiDUmgWmJbi9N4EDjw R60yl0180aCx+Qlx6hoi3gRukVrStQmq8joaOSy4ul5URdobRcjvSapC/Jy+rgktgJDo gawA== ARC-Authentication-Results: i=1; mx.google.com; dkim=neutral (body hash did not verify) header.i=@gmail.com header.s=20210112 header.b=DQUx7Dul; spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org; dmarc=fail (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org. [79.124.17.100]) by mx.google.com with ESMTP id g7-20020aa7dc47000000b0042a4bc4129esi8822100edu.186.2022.05.20.22.23.08; Fri, 20 May 2022 22:23:10 -0700 (PDT) Received-SPF: pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) client-ip=79.124.17.100; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@gmail.com header.s=20210112 header.b=DQUx7Dul; spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org; dmarc=fail (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: from [127.0.1.1] (localhost [127.0.0.1]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id CED7268B4E7; Sat, 21 May 2022 08:21:59 +0300 (EEST) X-Original-To: ffmpeg-devel@ffmpeg.org Delivered-To: ffmpeg-devel@ffmpeg.org Received: from mail-pg1-f170.google.com (mail-pg1-f170.google.com [209.85.215.170]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id D64E868B4FD for ; Sat, 21 May 2022 08:21:50 +0300 (EEST) Received: by mail-pg1-f170.google.com with SMTP id h186so9339623pgc.3 for ; Fri, 20 May 2022 22:21:50 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=from:message-id:in-reply-to:references:date:subject:fcc :content-transfer-encoding:mime-version:to:cc; bh=+OkvnpUMe4YiAOwpKqdg0nuAUExQNbUWQH91ovfxBig=; b=DQUx7DulIvrdOgpfJBhLE+uJv/8KKA+VtfYT2dgAwZGesVQ3vEXhxPRg3Hn4lcFGqm 2Kqc6uajSkhp/f59g20wASxu4cfKuepn07vPcNP3Hyq/Hfdvf2t0w1SafUoi2i2IdvO3 JJW2Jv0j8OtJlFFHtU/zlwaZs8UNVPa5wMeFOb8Q4xP5OcrsYa8nNMiE9EGf8vTa2sjZ g6OzSX8EcWM4SQoA+3iW7oAlz1gYLsWirf5nykrk7Cv5Ptbcjan9QM3ceo/LXly2wdBl sX56sGHcXzgIfZLuwx2fSZagacpL5ZfnPMpsHbBchtcFNWZe2E2fepANNC5xqQPHZS+k vN/Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:message-id:in-reply-to:references:date :subject:fcc:content-transfer-encoding:mime-version:to:cc; bh=+OkvnpUMe4YiAOwpKqdg0nuAUExQNbUWQH91ovfxBig=; b=wc02L26pI3ewHS1sJ12PPFyV/QDCZkAY0UwUJz4t3675LsB92HQ8PB48x9NXVraOND 1I5qc4NkuqMyORUbtXcSq8F8UfaDaSCWtQQgzNzHLbIP+/0MVltzd/QF5gFVFP2WhlKb VfqNoppQlUeKewtVySGlGZenaSBMNeqEOVnngrKKWyakVpAsDLQjE5FesFUypoe/pbGV ahLtYkeny3zwCLNBvVO7tPfm2NDQvLjU8cXK8kTjf7wTKm4nhTIB3fvugydSqwXGhh3V k6eGp+Mu+Q3D1A/p07+LoSFVoN3WeLELnJUSaxwpBcyB/PlBD+Zx8JMjWSYycIJZHpWC fvOw== X-Gm-Message-State: AOAM530T1TG1MjnG+aNDchzk5OEjP9OdL6bcdp58EOtQIS9OhPbxmP0G hHqWJDAj5eaiURWoYHrM3UiZZTgbKdjGVA== X-Received: by 2002:a63:fd51:0:b0:3c1:977e:1fed with SMTP id m17-20020a63fd51000000b003c1977e1fedmr11100960pgj.246.1653110509393; Fri, 20 May 2022 22:21:49 -0700 (PDT) Received: from [127.0.0.1] (master.gitmailbox.com. [34.83.118.50]) by smtp.gmail.com with ESMTPSA id i7-20020a17090a2a0700b001df7c160875sm2715280pjd.25.2022.05.20.22.21.48 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Fri, 20 May 2022 22:21:48 -0700 (PDT) From: softworkz X-Google-Original-From: softworkz Message-Id: <6bdb2d8bec53cf2e66d69f8fa3e09daa4384b31a.1653110500.git.ffmpegagent@gmail.com> In-Reply-To: References: Date: Sat, 21 May 2022 05:21:38 +0000 Fcc: Sent MIME-Version: 1.0 To: ffmpeg-devel@ffmpeg.org Subject: [FFmpeg-devel] [PATCH v5 08/10] libavformat/asfdec: ensure variables are initialized X-BeenThere: ffmpeg-devel@ffmpeg.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: FFmpeg development discussions and patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: FFmpeg development discussions and patches Cc: Michael Niedermayer , softworkz , Andreas Rheinhardt Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" X-TUID: YNHrd0/MjB6c From: softworkz Signed-off-by: softworkz --- libavformat/asfdec_f.c | 1 + 1 file changed, 1 insertion(+) diff --git a/libavformat/asfdec_f.c b/libavformat/asfdec_f.c index fae15d9b05..cb396cccfe 100644 --- a/libavformat/asfdec_f.c +++ b/libavformat/asfdec_f.c @@ -978,6 +978,7 @@ static int asf_get_packet(AVFormatContext *s, AVIOContext *pb) avio_seek(pb, -1, SEEK_CUR); // FIXME } } else { + d = e = 0; c = avio_r8(pb); if (c & 0x80) { rsize ++; From patchwork Sat May 21 05:21:39 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Aman Karmani X-Patchwork-Id: 35868 Delivered-To: ffmpegpatchwork2@gmail.com Received: by 2002:a05:6a21:9992:b0:82:461d:f3b with SMTP id ve18csp920000pzb; Fri, 20 May 2022 22:23:19 -0700 (PDT) X-Google-Smtp-Source: ABdhPJzvXW9ybOQC96uzZbqaiJnThFwWPXjGhQlyo2b12DyYPyrSqpaMyddiG57aR8m4/YnLVMom X-Received: by 2002:a05:6402:1704:b0:42a:c480:dcc8 with SMTP id y4-20020a056402170400b0042ac480dcc8mr14458685edu.59.1653110599457; Fri, 20 May 2022 22:23:19 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1653110599; cv=none; d=google.com; s=arc-20160816; b=Ow7aVh39omNNZYbMBBYtPn7rNCiaLAVOS6GGsa+0+DBmdLvL3eQBvZXFkzpb00jSey QHpQVgUf/kOkJmvZqSL/4Q5ASGFw5Cj8+LRBx6n05R456ygPJ8jvP6h2izuchuP1Muiv u9jU2Q3g4EuQTaNROJClxwnjC3kufGljjq+gzQaX8Nxc9WjtjT6mPitVFHBaiT4rJ/8I S24alDXierR/LYLKNJQcJ8f4rG5f2s75Ev44u7KVpVL2Z4N/EkDMDDTlnmKQidMvA7qn i++Jh9HD+TW37Tk3reC0j2rh7Cn+ulvsCGBn5UPGPC8MooSsQaKrAPD6OCie9sm92vlv dABA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:content-transfer-encoding:cc:reply-to :list-subscribe:list-help:list-post:list-archive:list-unsubscribe :list-id:precedence:subject:to:mime-version:fcc:date:references :in-reply-to:message-id:from:dkim-signature:delivered-to; bh=0vnUjW6kXyuDCGQwIvFccrkRmaSWI5Rgg9YQ3B91PAk=; b=rVZ78rEPGnwQ3npFtlGc0CXJ2Uj3lGB0JWV2DuxeCtLSsGHjCQ4SNiA772NtaF9Ia0 p0mZXTgPvfDjaSqWmFu6k1N0735nt3lrxOSqbFtFCZsOgwkegUhKXK91upui3aJNFcbd 6b0fFYTCOFVGmVMJ2GGmccc0sbEYlv1/mlcBVNZfJz9XG+MowrHJ5wOO/2G+qOFaffH7 bfU6hHNZ0Tw9Jb/Z8xrafgjYe7u7VaWXoYmxUB2nZNG2M5RIPQxRwP7xIgjV4I7Lg69+ MsIDibM1tsOZlcgJUdliC1l6zPoJO/9Lq5tkNOaeqjrI/9J8+DoLdSiXCFvzrzdGC1a4 dv2Q== ARC-Authentication-Results: i=1; mx.google.com; dkim=neutral (body hash did not verify) header.i=@gmail.com header.s=20210112 header.b=BvxhRVRu; spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org; dmarc=fail (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org. [79.124.17.100]) by mx.google.com with ESMTP id c11-20020a50e3cb000000b00418c2b5bf1dsi10289321edm.511.2022.05.20.22.23.18; Fri, 20 May 2022 22:23:19 -0700 (PDT) Received-SPF: pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) client-ip=79.124.17.100; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@gmail.com header.s=20210112 header.b=BvxhRVRu; spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org; dmarc=fail (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: from [127.0.1.1] (localhost [127.0.0.1]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id B2A2E68B4E0; Sat, 21 May 2022 08:22:00 +0300 (EEST) X-Original-To: ffmpeg-devel@ffmpeg.org Delivered-To: ffmpeg-devel@ffmpeg.org Received: from mail-pl1-f181.google.com (mail-pl1-f181.google.com [209.85.214.181]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id D0AF268B4DC for ; Sat, 21 May 2022 08:21:51 +0300 (EEST) Received: by mail-pl1-f181.google.com with SMTP id m1so8892111plx.3 for ; Fri, 20 May 2022 22:21:51 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=from:message-id:in-reply-to:references:date:subject:fcc :content-transfer-encoding:mime-version:to:cc; bh=2df49WwXuyFHQcX5rxDTmNm6bSFSRuyfB6jKq955jJY=; b=BvxhRVRuoqrccEy03GMe4sU/pbcKhmYJYn0tZFXm6XJuxzo/UZLJ96lD2e4E0ZEfzo qwnmfansCzYDsgqfwZcQOlHsMVqe+YuzLbVsXzRE1S8xE0yyuyBh99u0+qHg7GyO6pBM U+8wSbq4p3iuq55grokoRReXZ3WvBAwaPPByYKudtGWhy8WDgW7q+DRCzNpvPOEv2zqE zVqnKAKJEjea8K71aoBubdgdRIKm9v8aqT8Ofl7avVzBcMZzCU6koGgClhOZXPbv6Y4V DKB5Y73KMsAE/qt8QINo7AgerLR3HJQgoLxH7XYyGj6svzA352l8m+Et0K5aGFOQjXfe 0F9Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:message-id:in-reply-to:references:date :subject:fcc:content-transfer-encoding:mime-version:to:cc; bh=2df49WwXuyFHQcX5rxDTmNm6bSFSRuyfB6jKq955jJY=; b=2S8bjL2Fl4yjRRvbYaP+9Nk4JR+jjW5p+pqKrWofUfx8gSHtBnf697hHJB1ncjGmc1 EKSfjgX2nzEzEOt8eqCrJsWFcpdlZOv+/iQNidwj5DbNJJ11mVI6df76cm1ALFsN2Tio TnlFi1uxvN+Ij6PIUxcwQiZ4A1TXu//9fB241SCim/tRdpN8qWAsFHQUcV6LPlp6B8mw Af6LGQ3dk5KG0WjgpiYsNdB20ZcyeI48S/IN9WZ+ARB0uxt8xc3LaBNX6VdtPmVjZTwV HpmCM+zuLarTEKlzMZHKgIPxwZ9CXAhdNEcvW89YmxWSPCoMxJJzWf1QoWDhgl7Knmto F/Sg== X-Gm-Message-State: AOAM5317Pe+IvInkCXNE0M9QWCHkjaGsHlh8N/Y4q0CDls/pDn6MY5ob a/OMnmj1EVWRhjqZvgWpttcfiI5FdZoufw== X-Received: by 2002:a17:90b:4c8a:b0:1df:dedb:8bb6 with SMTP id my10-20020a17090b4c8a00b001dfdedb8bb6mr11522959pjb.6.1653110510287; Fri, 20 May 2022 22:21:50 -0700 (PDT) Received: from [127.0.0.1] (master.gitmailbox.com. [34.83.118.50]) by smtp.gmail.com with ESMTPSA id u17-20020a170903125100b0015e8d4eb1c8sm643729plh.18.2022.05.20.22.21.49 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Fri, 20 May 2022 22:21:49 -0700 (PDT) From: softworkz X-Google-Original-From: softworkz Message-Id: In-Reply-To: References: Date: Sat, 21 May 2022 05:21:39 +0000 Fcc: Sent MIME-Version: 1.0 To: ffmpeg-devel@ffmpeg.org Subject: [FFmpeg-devel] [PATCH v5 09/10] libavformat/asfdec: fix parameter type in asf_read_stream_propertie() X-BeenThere: ffmpeg-devel@ffmpeg.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: FFmpeg development discussions and patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: FFmpeg development discussions and patches Cc: Michael Niedermayer , softworkz , Andreas Rheinhardt Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" X-TUID: +S1Caj3KKbd4 From: softworkz Signed-off-by: softworkz --- libavformat/asfdec_f.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavformat/asfdec_f.c b/libavformat/asfdec_f.c index cb396cccfe..95cab8b960 100644 --- a/libavformat/asfdec_f.c +++ b/libavformat/asfdec_f.c @@ -324,7 +324,7 @@ static int asf_read_file_properties(AVFormatContext *s) return 0; } -static int asf_read_stream_properties(AVFormatContext *s, int64_t size) +static int asf_read_stream_properties(AVFormatContext *s, uint64_t size) { ASFContext *asf = s->priv_data; AVIOContext *pb = s->pb; From patchwork Sat May 21 05:21:40 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Aman Karmani X-Patchwork-Id: 35869 Delivered-To: ffmpegpatchwork2@gmail.com Received: by 2002:a05:6a21:9992:b0:82:461d:f3b with SMTP id ve18csp920027pzb; Fri, 20 May 2022 22:23:29 -0700 (PDT) X-Google-Smtp-Source: ABdhPJyv52ylasW8VYYmtLvOp7ec7gt86LL789HUgayqbyjYs6iCpuL+qb306+fIdFWGzG5GFjpm X-Received: by 2002:a17:906:19c6:b0:6ce:98a4:5ee6 with SMTP id h6-20020a17090619c600b006ce98a45ee6mr11320882ejd.567.1653110608823; Fri, 20 May 2022 22:23:28 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1653110608; cv=none; d=google.com; s=arc-20160816; b=MF3y+9n0mvuY4GB6E+BcYmt6PSZW7NPuMtoiuht7gmCFfDaXpDvD0YGHTg0uzmym1C s6pLgPgF1hHqkkJg/8pu9Q+qSmtXr5rVzGK4jQ2uuFu/4Mc8UsqsbuIrUXD6P5Fyk+5W JJ24t2FX6P8Lu+FfZ9FoWSgJ0xTM28JueAPCPhH/whrNA2KW7p/qPCR8zjMmWr6nVUTJ yNOeQ2JYRByLQU8yRfW7ggb7wx1IoqzirCj1VAu5+7vKqz64KbhQwc5h83rXmJwVzE+d DR64/+/nZJN5HcxSNHITEMjRIxgfrWNcoBOGWxN9LATjScuegx8BUT51z3PAA6UdwoX+ z2Ug== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:content-transfer-encoding:cc:reply-to :list-subscribe:list-help:list-post:list-archive:list-unsubscribe :list-id:precedence:subject:to:mime-version:fcc:date:references :in-reply-to:message-id:from:dkim-signature:delivered-to; bh=HEuhfykWr7jMpiKbMIEpKMgc/eVGGgtRSxKHM+1H68o=; b=POHecHAfnjjdchs/jkCKYh7P9QMDgbsoFAcrNYUo0Z43+xdTvcxdiD+hw8xcfJoTbb 1rt6ILL10vlhiVuVL+dWx9xXzarqwZ75UXY78O5guH7RVPZpKJO/qsBplRARA03Vxi65 rwpmLT0Ih9xnE7pYvkSkUEe1aGrKsrfQDXlq/U9lvi36Y30//aOE/sgXFsoaCE1idpof fo4WNf2FnzQlMt93vVZn/URkADWFoHiOCdCXoHZE6XMxZWtUITCwMMppUyRwzdBTld3X MjmORsqQYViNPj4FNbbN4eAavTQnGT9TzGg4smlTJPIbBZTjy0bGpN1JM15XomXWc6I8 xGEA== ARC-Authentication-Results: i=1; mx.google.com; dkim=neutral (body hash did not verify) header.i=@gmail.com header.s=20210112 header.b=ACC5MHyp; spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org; dmarc=fail (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org. [79.124.17.100]) by mx.google.com with ESMTP id gs18-20020a1709072d1200b006fe8832ae3dsi10951706ejc.839.2022.05.20.22.23.28; Fri, 20 May 2022 22:23:28 -0700 (PDT) Received-SPF: pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) client-ip=79.124.17.100; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@gmail.com header.s=20210112 header.b=ACC5MHyp; spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org; dmarc=fail (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: from [127.0.1.1] (localhost [127.0.0.1]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id B2B3168B517; Sat, 21 May 2022 08:22:02 +0300 (EEST) X-Original-To: ffmpeg-devel@ffmpeg.org Delivered-To: ffmpeg-devel@ffmpeg.org Received: from mail-pl1-f180.google.com (mail-pl1-f180.google.com [209.85.214.180]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id C7C4D68B506 for ; Sat, 21 May 2022 08:21:52 +0300 (EEST) Received: by mail-pl1-f180.google.com with SMTP id q18so8877032pln.12 for ; Fri, 20 May 2022 22:21:52 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=from:message-id:in-reply-to:references:date:subject:fcc :content-transfer-encoding:mime-version:to:cc; bh=eZeMFFuwzvKEATfntqUCVVbEgvuxqvZmvNNw0IKhqR0=; b=ACC5MHypgbDj8j7B72oa04WjgSMIv2nXARjSg8GkDZPG0n+mZZ9HB1P9f+9Lqe6SjE x0jPcjjO4bCUtc/h/GJISvWTY6DvOQ2KyrHia0MVwf8AL+cBryjrIYZ6IpGNHCFDTPcg 0R6PHkAYMMwGjE1bDU1e3SYNS07360MAlGYX1zub57Bj2spBEr7UYFECtOu5zMxvlc73 xcduhtzFW3KezY7E9L5AA9NZcxLVKfh2C0Hl645w4scpAKfSwzBJgzz48TPsQXNHpzx6 Lx/P/yUTq0GiMFVSDNXerX5WvHouR9GK9EEMeejdl64UyFiFlTkbaLeeoExaSwG2BDK4 KtZA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:message-id:in-reply-to:references:date :subject:fcc:content-transfer-encoding:mime-version:to:cc; bh=eZeMFFuwzvKEATfntqUCVVbEgvuxqvZmvNNw0IKhqR0=; b=kL+DQAuM/BaPn9XB9zRPAib25pimVMlUwWXVfk5G1CndPjV7Z+Bumi50/bnpi2kUaX KKGKXgofYP69asjzWZA7ih+xWuuOYHwPJBqhTRQpPrai4z+kGOH3lk7OX27KMXIC47l9 YbtWECPrEn/MQ+IFcQ11fQPjHdskSq0uzwmBmEdHrL2Zw3/S4IFnM/egwSOsWUvkDFrF 0UzCbaQ0V780kre58G3BA2RWTzj/aSaTxtn8HlI+ykqTtI68gPb13t0GxqFb+t1vYUUZ TMHZ8yWNa+p8wJz6b86Wj6atEeARsHstTlacKhN3k+yjHwF8CHGFUlZLekaYJWZfOjy5 x4+Q== X-Gm-Message-State: AOAM53214apybTO71zn6bPcCKUkEV//2S/JEhKo2FwdnTj45VQHdAl1E uQcrb/BnxYIqWuwbsGLYp70+D7+s/zg6dA== X-Received: by 2002:a17:902:6805:b0:161:8214:c170 with SMTP id h5-20020a170902680500b001618214c170mr13256508plk.11.1653110511212; Fri, 20 May 2022 22:21:51 -0700 (PDT) Received: from [127.0.0.1] (master.gitmailbox.com. [34.83.118.50]) by smtp.gmail.com with ESMTPSA id li11-20020a17090b48cb00b001d75aabe050sm2682159pjb.34.2022.05.20.22.21.50 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Fri, 20 May 2022 22:21:50 -0700 (PDT) From: softworkz X-Google-Original-From: softworkz Message-Id: In-Reply-To: References: Date: Sat, 21 May 2022 05:21:40 +0000 Fcc: Sent MIME-Version: 1.0 To: ffmpeg-devel@ffmpeg.org Subject: [FFmpeg-devel] [PATCH v5 10/10] libavformat/asfdec: fix variable types and add checks for unsupported values X-BeenThere: ffmpeg-devel@ffmpeg.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: FFmpeg development discussions and patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: FFmpeg development discussions and patches Cc: Michael Niedermayer , softworkz , Andreas Rheinhardt Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" X-TUID: SJa4FT5us8d0 From: softworkz Signed-off-by: softworkz --- libavformat/asfdec_f.c | 168 ++++++++++++++++++++++++++--------------- 1 file changed, 108 insertions(+), 60 deletions(-) diff --git a/libavformat/asfdec_f.c b/libavformat/asfdec_f.c index 95cab8b960..d50682b901 100644 --- a/libavformat/asfdec_f.c +++ b/libavformat/asfdec_f.c @@ -333,9 +333,9 @@ static int asf_read_stream_properties(AVFormatContext *s, uint64_t size) ASFStream *asf_st; ff_asf_guid g; enum AVMediaType type; - int type_specific_size, sizeX; - unsigned int tag1; - int64_t pos1, pos2, start_time; + unsigned int tag1, type_specific_size, sizeX; + int64_t pos1, pos2; + uint32_t start_time; int test_for_ext_stream_audio, is_dvr_ms_audio = 0; if (s->nb_streams == ASF_MAX_STREAMS) { @@ -404,7 +404,14 @@ static int asf_read_stream_properties(AVFormatContext *s, uint64_t size) st->codecpar->codec_type = type; if (type == AVMEDIA_TYPE_AUDIO) { - int ret = ff_get_wav_header(s, pb, st->codecpar, type_specific_size, 0); + int ret; + + if (type_specific_size > INT32_MAX) { + av_log(s, AV_LOG_DEBUG, "Unsupported WAV header size (> INT32_MAX)\n"); + return AVERROR(ENOTSUP); + } + + ret = ff_get_wav_header(s, pb, st->codecpar, (int)type_specific_size, 0); if (ret < 0) return ret; if (is_dvr_ms_audio) { @@ -434,21 +441,32 @@ static int asf_read_stream_properties(AVFormatContext *s, uint64_t size) } } else if (type == AVMEDIA_TYPE_VIDEO && size - (avio_tell(pb) - pos1 + 24) >= 51) { + unsigned int width, height; avio_rl32(pb); avio_rl32(pb); avio_r8(pb); avio_rl16(pb); /* size */ - sizeX = avio_rl32(pb); /* size */ - st->codecpar->width = avio_rl32(pb); - st->codecpar->height = avio_rl32(pb); + sizeX = avio_rl32(pb); /* size */ + width = avio_rl32(pb); + height = avio_rl32(pb); + + if (width > INT32_MAX || height > INT32_MAX) { + av_log(s, AV_LOG_DEBUG, "Unsupported video size %dx%d\n", width, height); + return AVERROR(ENOTSUP); + } + + st->codecpar->width = (int)width; + st->codecpar->height = (int)height; /* not available for asf */ avio_rl16(pb); /* panes */ st->codecpar->bits_per_coded_sample = avio_rl16(pb); /* depth */ tag1 = avio_rl32(pb); avio_skip(pb, 20); if (sizeX > 40) { - if (size < sizeX - 40 || sizeX - 40 > INT_MAX - AV_INPUT_BUFFER_PADDING_SIZE) - return AVERROR_INVALIDDATA; + if (size < sizeX - 40 || sizeX - 40 > INT_MAX - AV_INPUT_BUFFER_PADDING_SIZE) { + av_log(s, AV_LOG_DEBUG, "Unsupported extradata size\n"); + return AVERROR(ENOTSUP); + } st->codecpar->extradata_size = ffio_limit(pb, sizeX - 40); st->codecpar->extradata = av_mallocz(st->codecpar->extradata_size + AV_INPUT_BUFFER_PADDING_SIZE); @@ -500,9 +518,9 @@ static int asf_read_ext_stream_properties(AVFormatContext *s) ASFContext *asf = s->priv_data; AVIOContext *pb = s->pb; ff_asf_guid g; - int ext_len, payload_ext_ct, stream_ct, i; - uint32_t leak_rate, stream_num; - unsigned int stream_languageid_index; + uint16_t payload_ext_ct, stream_ct, i; + uint32_t leak_rate, ext_len; + uint16_t stream_languageid_index, stream_num; avio_rl64(pb); // starttime avio_rl64(pb); // endtime @@ -514,15 +532,15 @@ static int asf_read_ext_stream_properties(AVFormatContext *s) avio_rl32(pb); // alt-init-bucket-fullness avio_rl32(pb); // max-object-size avio_rl32(pb); // flags (reliable,seekable,no_cleanpoints?,resend-live-cleanpoints, rest of bits reserved) - stream_num = avio_rl16(pb); // stream-num + stream_num = (uint16_t)avio_rl16(pb); // stream-num - stream_languageid_index = avio_rl16(pb); // stream-language-id-index + stream_languageid_index = (uint16_t)avio_rl16(pb); // stream-language-id-index if (stream_num < 128) asf->streams[stream_num].stream_language_index = stream_languageid_index; avio_rl64(pb); // avg frametime in 100ns units - stream_ct = avio_rl16(pb); // stream-name-count - payload_ext_ct = avio_rl16(pb); // payload-extension-system-count + stream_ct = (uint16_t)avio_rl16(pb); // stream-name-count + payload_ext_ct = (uint16_t)avio_rl16(pb); // payload-extension-system-count if (stream_num < 128) { asf->stream_bitrates[stream_num] = leak_rate; @@ -536,12 +554,10 @@ static int asf_read_ext_stream_properties(AVFormatContext *s) } for (i = 0; i < payload_ext_ct; i++) { - int size; + uint16_t size; ff_get_guid(pb, &g); - size = avio_rl16(pb); + size = (uint16_t)avio_rl16(pb); ext_len = avio_rl32(pb); - if (ext_len < 0) - return AVERROR_INVALIDDATA; avio_skip(pb, ext_len); if (stream_num < 128 && i < FF_ARRAY_ELEMS(asf->streams[stream_num].payload)) { ASFPayload *p = &asf->streams[stream_num].payload[i]; @@ -580,20 +596,21 @@ static int asf_read_ext_content_desc(AVFormatContext *s) ASFContext *asf = s->priv_data; uint64_t dar_num = 0; uint64_t dar_den = 0; - int desc_count, i, ret; + uint16_t desc_count, i; + int ret; - desc_count = avio_rl16(pb); + desc_count = (uint16_t)avio_rl16(pb); for (i = 0; i < desc_count; i++) { - int name_len, value_type, value_len; + uint16_t name_len, value_type, value_len; char name[1024]; - name_len = avio_rl16(pb); + name_len = (uint16_t)avio_rl16(pb); if (name_len % 2) // must be even, broken lavf versions wrote len-1 name_len += 1; if ((ret = avio_get_str16le(pb, name_len, name, sizeof(name))) < name_len) avio_skip(pb, name_len - ret); - value_type = avio_rl16(pb); - value_len = avio_rl16(pb); + value_type = (uint16_t)avio_rl16(pb); + value_len = (uint16_t)avio_rl16(pb); if (!value_type && value_len % 2) value_len += 1; /* My sample has that stream set to 0 maybe that mean the container. @@ -627,14 +644,16 @@ static int asf_read_language_list(AVFormatContext *s) { AVIOContext *pb = s->pb; ASFContext *asf = s->priv_data; - int j, ret; - int stream_count = avio_rl16(pb); + int ret; + uint16_t j; + const uint16_t stream_count = (uint16_t)avio_rl16(pb); + for (j = 0; j < stream_count; j++) { char lang[6]; - unsigned int lang_len = avio_r8(pb); + const uint8_t lang_len = (uint8_t)avio_r8(pb); if ((ret = avio_get_str16le(pb, lang_len, lang, sizeof(lang))) < lang_len) - avio_skip(pb, lang_len - ret); + avio_skip(pb, (int)lang_len - ret); if (j < 128) av_strlcpy(asf->stream_languages[j], lang, sizeof(*asf->stream_languages)); @@ -649,14 +668,14 @@ static int asf_read_metadata(AVFormatContext *s) ASFContext *asf = s->priv_data; uint64_t dar_num[128] = {0}; uint64_t dar_den[128] = {0}; - int n, name_len_utf8; - uint16_t stream_num, name_len_utf16, value_type; + int name_len_utf8; + uint16_t stream_num, name_len_utf16, value_type, i, n; uint32_t value_len; - int ret, i; - n = avio_rl16(pb); + int ret; + n = (uint16_t)avio_rl16(pb); for (i = 0; i < n; i++) { - uint8_t *name; + char *name; avio_rl16(pb); // lang_list_index stream_num = (uint16_t)avio_rl16(pb); @@ -670,7 +689,7 @@ static int asf_read_metadata(AVFormatContext *s) return AVERROR(ENOMEM); if ((ret = avio_get_str16le(pb, name_len_utf16, name, name_len_utf8)) < name_len_utf16) - avio_skip(pb, name_len_utf16 - ret); + avio_skip(pb, (int)name_len_utf16 - ret); av_log(s, AV_LOG_TRACE, "%d stream %d name_len %2d type %d len %4d <%s>\n", i, stream_num, name_len_utf16, value_type, value_len, name); @@ -707,19 +726,21 @@ static int asf_read_marker(AVFormatContext *s) { AVIOContext *pb = s->pb; ASFContext *asf = s->priv_data; - int i, count, name_len, ret; + int ret; + unsigned count, i; + uint16_t name_len; char name[1024]; avio_rl64(pb); // reserved 16 bytes avio_rl64(pb); // ... count = avio_rl32(pb); // markers count avio_rl16(pb); // reserved 2 bytes - name_len = avio_rl16(pb); // name length + name_len = (uint16_t)avio_rl16(pb); // name length avio_skip(pb, name_len); for (i = 0; i < count; i++) { - int64_t pres_time; - int name_len; + uint64_t pres_time; + unsigned name2_len; if (avio_feof(pb)) return AVERROR_INVALIDDATA; @@ -730,13 +751,18 @@ static int asf_read_marker(AVFormatContext *s) avio_rl16(pb); // entry length avio_rl32(pb); // send time avio_rl32(pb); // flags - name_len = avio_rl32(pb); // name length - if ((unsigned)name_len > INT_MAX / 2) + name2_len = avio_rl32(pb); // name length + if (name2_len > INT_MAX / 2) return AVERROR_INVALIDDATA; - if ((ret = avio_get_str16le(pb, name_len * 2, name, - sizeof(name))) < name_len) - avio_skip(pb, name_len - ret); - avpriv_new_chapter(s, i, (AVRational) { 1, 10000000 }, pres_time, + if ((ret = avio_get_str16le(pb, (int)name2_len, name, + sizeof(name))) < name2_len) + avio_skip(pb, name2_len - ret); + + if (pres_time > INT64_MAX) { + av_log(s, AV_LOG_DEBUG, "Unsupported presentation time value: %"PRIu64"\n", pres_time); + return AVERROR(ENOTSUP); + } + avpriv_new_chapter(s, i, (AVRational) { 1, 10000000 }, (int64_t)pres_time, AV_NOPTS_VALUE, name); } @@ -749,7 +775,7 @@ static int asf_read_header(AVFormatContext *s) ff_asf_guid g; AVIOContext *pb = s->pb; int i; - int64_t gsize; + uint64_t gsize; ff_get_guid(pb, &g); if (ff_guidcmp(&g, &ff_asf_header)) @@ -764,7 +790,7 @@ static int asf_read_header(AVFormatContext *s) asf->streams[i].stream_language_index = 128; // invalid stream index means no language info for (;;) { - uint64_t gpos = avio_tell(pb); + const int64_t gpos = avio_tell(pb); int ret = 0; ff_get_guid(pb, &g); gsize = avio_rl64(pb); @@ -819,7 +845,12 @@ static int asf_read_header(AVFormatContext *s) len= avio_rl32(pb); av_log(s, AV_LOG_DEBUG, "Secret data:\n"); - if ((ret = av_get_packet(pb, pkt, len)) < 0) + if (len > INT32_MAX) { + av_log(s, AV_LOG_DEBUG, "Unsupported encryption packet length: %d\n", len); + return AVERROR(ENOTSUP); + } + + if ((ret = av_get_packet(pb, pkt, (int)len)) < 0) return ret; av_hex_dump_log(s, AV_LOG_DEBUG, pkt->data, pkt->size); av_packet_unref(pkt); @@ -933,7 +964,7 @@ static int asf_read_header(AVFormatContext *s) static int asf_get_packet(AVFormatContext *s, AVIOContext *pb) { ASFContext *asf = s->priv_data; - uint32_t packet_length, padsize; + uint32_t packet_length, packet_ts, padsize; int rsize = 8; int c, d, e, off; @@ -1021,7 +1052,12 @@ static int asf_get_packet(AVFormatContext *s, AVIOContext *pb) return AVERROR_INVALIDDATA; } - asf->packet_timestamp = avio_rl32(pb); + packet_ts = avio_rl32(pb); + if (packet_ts > INT32_MAX) { + av_log(s, AV_LOG_DEBUG, "Unsupported packet_timestamp value: %d\n", packet_ts); + return AVERROR(ENOTSUP); + } + asf->packet_timestamp = (int)packet_ts; avio_rl16(pb); /* duration */ // rsize has at least 11 bytes which have to be present @@ -1040,10 +1076,21 @@ static int asf_get_packet(AVFormatContext *s, AVIOContext *pb) rsize, packet_length, padsize, avio_tell(pb)); return AVERROR_INVALIDDATA; } - asf->packet_size_left = packet_length - padsize - rsize; + + if (packet_length - padsize - rsize > INT32_MAX) { + av_log(s, AV_LOG_DEBUG, "Unsupported packet_size_left value: %d\n", packet_length - padsize - rsize); + return AVERROR(ENOTSUP); + } + asf->packet_size_left = (int)(packet_length - padsize - rsize); + if (packet_length < asf->hdr.min_pktsize) padsize += asf->hdr.min_pktsize - packet_length; - asf->packet_padsize = padsize; + if (padsize > INT32_MAX) { + av_log(s, AV_LOG_DEBUG, "Unsupported packet padsize value: %d\n", padsize); + return AVERROR(ENOTSUP); + } + + asf->packet_padsize = (int)padsize; av_log(s, AV_LOG_TRACE, "packet: size=%d padsize=%d left=%d\n", s->packet_size, asf->packet_padsize, asf->packet_size_left); return 0; @@ -1078,22 +1125,23 @@ static int asf_read_frame_header(AVFormatContext *s, AVIOContext *pb) return AVERROR_INVALIDDATA; } if (asf->packet_replic_size >= 8) { - int64_t end = avio_tell(pb) + asf->packet_replic_size; + const int64_t end = avio_tell(pb) + asf->packet_replic_size; AVRational aspect; - asfst->packet_obj_size = avio_rl32(pb); - if (asfst->packet_obj_size >= (1 << 24) || asfst->packet_obj_size < 0) { + const unsigned packet_obj_size = avio_rl32(pb); + if (packet_obj_size >= (1 << 24)) { av_log(s, AV_LOG_ERROR, "packet_obj_size %d invalid\n", asfst->packet_obj_size); asfst->packet_obj_size = 0; return AVERROR_INVALIDDATA; } + asfst->packet_obj_size = (int)packet_obj_size; asf->packet_frag_timestamp = avio_rl32(pb); // timestamp for (i = 0; i < asfst->payload_ext_ct; i++) { ASFPayload *p = &asfst->payload[i]; - int size = p->size; + uint16_t size = p->size; int64_t payend; if (size == 0xFFFF) - size = avio_rl16(pb); + size = (uint16_t)avio_rl16(pb); payend = avio_tell(pb) + size; if (payend > end) { av_log(s, AV_LOG_ERROR, "too long payload\n"); @@ -1494,7 +1542,7 @@ static int64_t asf_read_pts(AVFormatContext *s, int stream_index, ASFStream *asf_st; int64_t pts; int64_t pos = *ppos; - int i; + unsigned i; int64_t start_pos[ASF_MAX_STREAMS]; for (i = 0; i < s->nb_streams; i++) @@ -1551,7 +1599,7 @@ static int asf_build_simple_index(AVFormatContext *s, int stream_index) int64_t ret; if((ret = avio_seek(s->pb, asf->data_object_offset + asf->data_object_size, SEEK_SET)) < 0) { - return ret; + return (int)ret; } if ((ret = ff_get_guid(s->pb, &g)) < 0)