From: Marton Balint
To: FFmpeg development discussions and patches
Date: Mon, 5 Dec 2022 19:04:39 +0100 (CET)
Subject: Re: [FFmpeg-devel] [PATCH] Revert "avformat/mov: disallow a zero sample size in trun atoms"

On Sun, 4 Dec 2022, Chris Ribble wrote:

>> More strict enforcement of sample size was introduced to avoid DOS/Timeout
>> with crafted (fuzzed) files and disallow emitting zero sized packets.
>>
>> Invalid file support is not something that is always worth doing, there
>> are other, more important factors, like limiting code complexity or
>> improving resilience against denial of service. The problem here is that I
>> honestly don't know if a zero sample size is against spec, just stupid, or
>> there is a legitimate use for it.
>>
>> So I sent a 2 patch series which fixes the original issue differently.
>> Please test and review them if you can.
>
> Marton,
>
> Thank you for looking into this further.
>
> I tried your patch series and FFmpeg still generates an error
> (AVERROR_INVALIDDATA) while processing the moof fragment with
> zero-sized samples.

Hmm, strange.

>
> It seems like !(flags & MOV_TRUN_SAMPLE_SIZE) evaluates to true when
> the flag is set (512 is "inverted" to 1). Is that what you had in
> mind?

!(flags & 0x200) should evaluate to 0 if the flag is set, 1 otherwise.

>
> If I change it to this, things work as expected for my input mp4:
> if (entries && !frag->size && (flags & MOV_TRUN_SAMPLE_SIZE !=
> MOV_TRUN_SAMPLE_SIZE))

The precedence is funny here. != is evaluated first, not &.

>     return AVERROR_INVALIDDATA;
>
> Sorry if I was supposed to provide this feedback on the patch series
> itself; I'm happy to do so there as needed.

Share the sample please. If the patch I proposed does not fix it, I am not
sure what is the best approach here.

Thanks,
Marton
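The precedence point from the reply above, worked through as an added example (not code from the thread or from FFmpeg): it compares the three spellings of the flag test and shows that the unparenthesized one is always 0, so a validation check built on it never rejects anything. The names `flag_missing`, `rejects`, `frag_size` and the sample flag values are assumptions made for this example; `0x200` is the flag value stated in the thread.

```c
#include <stdio.h>

/* 0x200 (512) is the flag value given in the thread; defined here for the example. */
#define MOV_TRUN_SAMPLE_SIZE 0x200

/* gcc and clang report the unparenthesized form under -Wparentheses /
 * -Wtautological-compare; silenced here so the example builds cleanly. */
#pragma GCC diagnostic ignored "-Wparentheses"
#pragma GCC diagnostic ignored "-Wtautological-compare"

enum form { FORM_NOT, FORM_UNPARENTHESIZED, FORM_PARENTHESIZED };

/* Three spellings of "the sample-size flag is not set" (hypothetical helper). */
static int flag_missing(unsigned flags, enum form f)
{
    switch (f) {
    case FORM_NOT:             /* 1 if the flag is clear, 0 if it is set */
        return !(flags & MOV_TRUN_SAMPLE_SIZE);
    case FORM_UNPARENTHESIZED: /* parses as flags & (X != X), i.e. flags & 0 */
        return (flags & MOV_TRUN_SAMPLE_SIZE != MOV_TRUN_SAMPLE_SIZE) != 0;
    default:                   /* explicit grouping, same result as FORM_NOT */
        return (flags & MOV_TRUN_SAMPLE_SIZE) != MOV_TRUN_SAMPLE_SIZE;
    }
}

/* Shape of the condition quoted in the thread; frag_size stands in for
 * frag->size. Returns 1 where the quoted code would return AVERROR_INVALIDDATA. */
static int rejects(int entries, unsigned frag_size, unsigned flags, enum form f)
{
    return entries && !frag_size && flag_missing(flags, f);
}

int main(void)
{
    static const unsigned samples[] = { 0x000, 0x200, 0x301 }; /* constructed */
    static const char *names[] = { "!(f & X)", "f & X != X", "(f & X) != X" };

    for (int f = FORM_NOT; f <= FORM_PARENTHESIZED; f++)
        for (size_t i = 0; i < sizeof samples / sizeof *samples; i++)
            printf("%-13s flags=0x%03x missing=%d rejects=%d\n", names[f],
                   samples[i], flag_missing(samples[i], (enum form)f),
                   rejects(1, 0, samples[i], (enum form)f));
    return 0;
}
```

Building the unparenthesized form without the two pragmas and with `-Wall` makes the compiler point at the expression, which is a cheap check to keep enabled on parser code.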