Git Inbox Mirror of the ffmpeg-devel mailing list - see https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
 help / color / mirror / Atom feed
From: Anton Khirnov <anton@khirnov.net>
To: ffmpeg-devel@ffmpeg.org
Subject: [FFmpeg-devel] [PATCH 7/7] lavu/fifo: return errors on trying to read/write too much
Date: Fri, 31 Dec 2021 11:53:07 +0100
Message-ID: <20211231105307.30946-7-anton@khirnov.net> (raw)
In-Reply-To: <20211231105307.30946-1-anton@khirnov.net>

Trying to write too much will currently overwrite previous data. Trying
to read too much will either av_assert2() in av_fifo_drain() or return
old data. Trying to peek too much will either av_assert2() in
av_fifo_generic_peek_at() or return old data.

Return an error code in all these cases, which is safer and more
consistent.
---
 libavutil/fifo.c | 18 +++++++++++-------
 libavutil/fifo.h |  8 +++++++-
 2 files changed, 18 insertions(+), 8 deletions(-)

diff --git a/libavutil/fifo.c b/libavutil/fifo.c
index f38e8ff089..d741bdd395 100644
--- a/libavutil/fifo.c
+++ b/libavutil/fifo.c
@@ -134,6 +134,9 @@ int av_fifo_generic_write(AVFifoBuffer *f, void *src, int size,
     uint32_t wndx= f->wndx;
     uint8_t *wptr= f->wptr;
 
+    if (size > av_fifo_space(f))
+        return AVERROR(ENOSPC);
+
     do {
         int len = FFMIN(f->end - wptr, size);
         if (func) {
@@ -159,13 +162,8 @@ int av_fifo_generic_peek_at(AVFifoBuffer *f, void *dest, int offset, int buf_siz
 {
     uint8_t *rptr = f->rptr;
 
-    av_assert2(offset >= 0);
-
-    /*
-     * *ndx are indexes modulo 2^32, they are intended to overflow,
-     * to handle *ndx greater than 4gb.
-     */
-    av_assert2(buf_size + (unsigned)offset <= f->wndx - f->rndx);
+    if (offset < 0 || buf_size > av_fifo_size(f) - offset)
+        return AVERROR(EINVAL);
 
     if (offset >= f->end - rptr)
         rptr += offset - (f->end - f->buffer);
@@ -198,6 +196,9 @@ int av_fifo_generic_peek(AVFifoBuffer *f, void *dest, int buf_size,
 {
     uint8_t *rptr = f->rptr;
 
+    if (buf_size > av_fifo_size(f))
+        return AVERROR(EINVAL);
+
     do {
         int len = FFMIN(f->end - rptr, buf_size);
         if (func)
@@ -218,6 +219,9 @@ int av_fifo_generic_peek(AVFifoBuffer *f, void *dest, int buf_size,
 int av_fifo_generic_read(AVFifoBuffer *f, void *dest, int buf_size,
                          void (*func)(void *, void *, int))
 {
+    if (buf_size > av_fifo_size(f))
+        return AVERROR(EINVAL);
+
     do {
         int len = FFMIN(f->end - f->rptr, buf_size);
         if (func)
diff --git a/libavutil/fifo.h b/libavutil/fifo.h
index 37da9f14c2..53b668aa17 100644
--- a/libavutil/fifo.h
+++ b/libavutil/fifo.h
@@ -91,6 +91,8 @@ int av_fifo_space(const AVFifoBuffer *f);
  * @param buf_size number of bytes to read
  * @param func generic read function
  * @param dest data destination
+ *
+ * @return a non-negative number on success, a negative error code on failure
  */
 int av_fifo_generic_peek_at(AVFifoBuffer *f, void *dest, int offset, int buf_size, void (*func)(void*, void*, int));
 
@@ -101,6 +103,8 @@ int av_fifo_generic_peek_at(AVFifoBuffer *f, void *dest, int offset, int buf_siz
  * @param buf_size number of bytes to read
  * @param func generic read function
  * @param dest data destination
+ *
+ * @return a non-negative number on success, a negative error code on failure
  */
 int av_fifo_generic_peek(AVFifoBuffer *f, void *dest, int buf_size, void (*func)(void*, void*, int));
 
@@ -110,6 +114,8 @@ int av_fifo_generic_peek(AVFifoBuffer *f, void *dest, int buf_size, void (*func)
  * @param buf_size number of bytes to read
  * @param func generic read function
  * @param dest data destination
+ *
+ * @return a non-negative number on success, a negative error code on failure
  */
 int av_fifo_generic_read(AVFifoBuffer *f, void *dest, int buf_size, void (*func)(void*, void*, int));
 
@@ -124,7 +130,7 @@ int av_fifo_generic_read(AVFifoBuffer *f, void *dest, int buf_size, void (*func)
  * func must return the number of bytes written to dest_buf, or <= 0 to
  * indicate no more data available to write.
  * If func is NULL, src is interpreted as a simple byte array for source data.
- * @return the number of bytes written to the FIFO
+ * @return the number of bytes written to the FIFO or a negative error code on failure
  */
 int av_fifo_generic_write(AVFifoBuffer *f, void *src, int size, int (*func)(void*, void*, int));
 
-- 
2.33.0

_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".

  parent reply	other threads:[~2021-12-31 10:54 UTC|newest]

Thread overview: 10+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-12-31 10:53 [FFmpeg-devel] [PATCH 1/7] lavc/flac_parser: use a custom FIFO implementation Anton Khirnov
2021-12-31 10:53 ` [FFmpeg-devel] [PATCH 2/7] lavf/dvenc: replace av_fifo_peek2() with av_fifo_generic_peek_at() Anton Khirnov
2021-12-31 10:53 ` [FFmpeg-devel] [PATCH 3/7] lavu/fifo: deprecate av_fifo_peek2() Anton Khirnov
2021-12-31 10:53 ` [FFmpeg-devel] [PATCH 4/7] lavu/fifo: simplify av_fifo_alloc() Anton Khirnov
2021-12-31 10:53 ` [FFmpeg-devel] [PATCH 5/7] lavu/fifo: do not copy the whole fifo when reallocating Anton Khirnov
2021-12-31 10:53 ` [FFmpeg-devel] [PATCH 6/7] lavu/fifo: drop useless comments Anton Khirnov
2021-12-31 11:47   ` Andreas Rheinhardt
2021-12-31 10:53 ` Anton Khirnov [this message]
2021-12-31 11:30 ` [FFmpeg-devel] [PATCH 1/7] lavc/flac_parser: use a custom FIFO implementation Andreas Rheinhardt
2022-01-02 14:24   ` [FFmpeg-devel] [PATCH] " Anton Khirnov

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20211231105307.30946-7-anton@khirnov.net \
    --to=anton@khirnov.net \
    --cc=ffmpeg-devel@ffmpeg.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Git Inbox Mirror of the ffmpeg-devel mailing list - see https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

This inbox may be cloned and mirrored by anyone:

	git clone --mirror https://master.gitmailbox.com/ffmpegdev/0 ffmpegdev/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 ffmpegdev ffmpegdev/ https://master.gitmailbox.com/ffmpegdev \
		ffmpegdev@gitmailbox.com
	public-inbox-index ffmpegdev

Example config snippet for mirrors.


AGPL code for this site: git clone https://public-inbox.org/public-inbox.git