From patchwork Wed Mar 8 15:55:27 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: =?utf-8?q?C=C3=A9dric_Le_Barz?= X-Patchwork-Id: 40609 Delivered-To: ffmpegpatchwork2@gmail.com Received: by 2002:a05:6a20:d046:b0:cd:afd7:272c with SMTP id hv6csp528626pzb; Wed, 8 Mar 2023 07:55:44 -0800 (PST) X-Google-Smtp-Source: AK7set/qMSf1fQWVqKpDspdc4EeB958561rQkhKrlq8Mj3mTxJnj1Jx5x74hTjnGMeWu4n6evw71 X-Received: by 2002:a17:907:d602:b0:88a:723:f646 with SMTP id wd2-20020a170907d60200b0088a0723f646mr22219001ejc.75.1678290944405; Wed, 08 Mar 2023 07:55:44 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1678290944; cv=none; d=google.com; s=arc-20160816; b=qo7HdIRlX3jsseVjhTID5DALyjjp4mJUGq/biSbgmkDgXgf3eUggRqsm3hzMvc0hTf YDRi2m1UdotStuFxEGk92/QPGjp/tDuZ0Yfd0TSTG2cBAD56NFiWG2uIX6IlO39wvy1w +g5me0XeRyOjQiYyQd5hTBXCjoCQi7XEym0epVE6QZeiqViSeNAHMPAtdtSRRLKxu63W qXFKvTBuQz731/V3QDoYi3XgdZtS3fI6vW8xHEtSs5rAXzBwdAE1U+2E2xAfNHWWfR3j +bzxSI+0PcujERdzIKuUcaZgFGFGa7TF3ULuYyXHhmD63BMSD1wC6DL2nQJc5FJA/YPF mQ1g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:content-transfer-encoding:reply-to:list-subscribe :list-help:list-post:list-archive:list-unsubscribe:list-id :precedence:subject:content-language:to:from:mime-version:date :message-id:delivered-to; bh=LtJbo9IZNoNKbanIF+jP3QejgjdwS69hP4831yAL2zs=; b=qTiJu4pa/TSwavL5WobZYeDvfrMhUDy2ca8OPWPdiZ89Ns+A3RyinxmTh8mA8PEq1v G9BnCmXE+iHi+994Viz0bDFy8mPi1LHJFDoirdyz6CjST76oYKwFQe4zRJJWtq3cTshQ kUVIC51QF4nzL+qyjfrm8HoIJFFKUn1hmmPuPP6KsI5pWDwnt87+lv2f+bcaE0jNsCBn jvNCh6tMudu1LEGIXxS9a28DoqKaYy7Z2iJ0L+nJo5ZYCYMHLYCtSOsvPYQyGcwZiYlX E3idRuXipI4oC6vS8GOoyfEaoQS03XlcyX7GMGHWunV9ilpgnya/yEPqtrsw4Uo2BBGm bopw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org Return-Path: Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org. [79.124.17.100]) by mx.google.com with ESMTP id b19-20020a1709064d5300b008be51be536bsi5118140ejv.426.2023.03.08.07.55.41; Wed, 08 Mar 2023 07:55:44 -0800 (PST) Received-SPF: pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) client-ip=79.124.17.100; Authentication-Results: mx.google.com; spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org Received: from [127.0.1.1] (localhost [127.0.0.1]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id 180C468BD14; Wed, 8 Mar 2023 17:55:38 +0200 (EET) X-Original-To: ffmpeg-devel@ffmpeg.org Delivered-To: ffmpeg-devel@ffmpeg.org Received: from gandalf.ektacom.com (gandalf.ektacom.com [62.23.45.26]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id B756A68BBB1 for ; Wed, 8 Mar 2023 17:55:31 +0200 (EET) Received: from ektacom.com (82-64-203-93.subs.proxad.net [82.64.203.93]) by gandalf.ektacom.com (Postfix) with ESMTP id 5F0EE45A266 for ; Wed, 8 Mar 2023 16:55:31 +0100 (CET) Message-ID: <928dcb75-6411-4e33-caa8-5cd247f8a185@ektacom.com> Date: Wed, 8 Mar 2023 16:55:27 +0100 MIME-Version: 1.0 From: =?utf-8?q?C=C3=A9dric_Le_Barz?= To: ffmpeg-devel@ffmpeg.org Content-Language: en-US X-MailScanner-ID: C6A4E1ABE7E8.ADE99 X-MailScanner: Found to be clean X-MailScanner-From: clebarz@ektacom.com X-Spam-Status: No Subject: [FFmpeg-devel] [PATCH] Fix issue when invalid nb_index_entries value is read - SPONSORED BY INA (Institut National de l'Audiovisuel) X-BeenThere: ffmpeg-devel@ffmpeg.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: FFmpeg development discussions and patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: FFmpeg development discussions and patches Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" X-TUID: O22Ihwt4Gzy6 Fix issue when invalid nb_index_entries value is read : in case of false nb_index_entries value, ffmpeg exit. This patch fix this problem. Signed-off-by: Cedric Le Barz --- ffmpeg/libavformat/mxfdec.c | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) segment->flag_entries[i] = avio_r8(pb); diff --git a/ffmpeg/libavformat/mxfdec.c b/ffmpeg/libavformat/mxfdec.c index 4530617..ffc8987 100644 --- a/ffmpeg/libavformat/mxfdec.c +++ b/ffmpeg/libavformat/mxfdec.c @@ -1221,8 +1221,18 @@ static int mxf_read_index_entry_array(AVIOContext *pb, MXFIndexTableSegment *seg } for (i = 0; i < segment->nb_index_entries; i++) { - if(avio_feof(pb)) - return AVERROR_INVALIDDATA; + + if(avio_feof(pb)) { + if (i == 0) { + return AVERROR_INVALIDDATA; + } else { + /* To be more robust to invalid nb_index_entries value, + fix the index entry number according to read entries */ + segment->nb_index_entries = i; + return 0; + } + } + segment->temporal_offset_entries[i] = avio_r8(pb); avio_r8(pb); /* KeyFrameOffset */