Date: Sat, 7 May 2022 20:48:33 +0200
From: Michael Niedermayer
To: FFmpeg development discussions and patches
Subject: Re: [FFmpeg-devel] [PATCH v2 01/11] libavformat/asf: fix handling of byte array length values

On Sat, May 07, 2022 at 09:36:34AM +0000, softworkz wrote: > From: softworkz >=20 > The spec allows attachment sizes of up to UINT32_MAX while > we can handle only sizes up to INT32_MAX (in downstream > code) >=20 > The debug.assert in get_tag didn't really address this, > and truncating the value_len in calling methods cannot > be used because the length value is required in order to > continue parsing. This adds a check with log message in > ff_asf_handle_byte_array to handle those (rare) cases. >=20 > Signed-off-by: softworkz > --- > libavformat/asf.c | 12 +++++++++--- > libavformat/asf.h | 2 +- > 2 files changed, 10 insertions(+), 4 deletions(-) >=20 > diff --git a/libavformat/asf.c b/libavformat/asf.c > index 1ac8b5f078..179b66a2b4 100644 > --- a/libavformat/asf.c > +++ b/libavformat/asf.c
> @@ -267,12 +267,18 @@ static int get_id3_tag(AVFormatContext *s, int len) > } > =20 > int ff_asf_handle_byte_array(AVFormatContext *s, const char *name, > - int val_len) > + uint32_t val_len) > { > + if (val_len > INT32_MAX) { > + av_log(s, AV_LOG_VERBOSE, "Unable to handle byte arrays > INT32_= MAX in tag %s.\n", name); > + return 1; > + } > + > if (!strcmp(name, "WM/Picture")) // handle cover art > - return asf_read_picture(s, val_len); > + return asf_read_picture(s, (int)val_len); > else if (!strcmp(name, "ID3")) // handle ID3 tag > - return get_id3_tag(s, val_len); > + return get_id3_tag(s, (int)val_len); unneeded > =20 > + av_log(s, AV_LOG_VERBOSE, "Unsupported byte array in tag %s.\n", nam= e); Probably this should be DEBUG thx [...]
--
Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB Many things microsoft did are stupid, but not doing something just because microsoft did it is even more stupid. If everything ms did were stupid they would be bankrupt already.
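Review bot: the new `val_len > INT32_MAX` branch in ff_asf_handle_byte_array() returns 1 without stating what that value means to the caller or whether any of the value's bytes have been consumed. The commit message says the length is still required to continue parsing, so the contract matters at exactly this point: please document the return convention next to the prototype in asf.h (what a positive return means, and whether the caller is expected to skip val_len bytes itself), or return a value that callers can tell apart from the results of asf_read_picture() and get_id3_tag(). The "Unable to handle byte arrays" message would also be easier to act on if it printed the offending length alongside the tag name.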