[FFmpeg-devel] [PATCH 1/9] avdevice/xcbgrab: Check sscanf() return

[FFmpeg-devel] [PATCH 1/9] avdevice/xcbgrab: Check sscanf() return

[Michael Niedermayer]

Alot more input checking can be performed, this is only checking the obvious missing case

Fixes: CID1598562 Unchecked return value

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavdevice/xcbgrab.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/libavdevice/xcbgrab.c b/libavdevice/xcbgrab.c
index 2e6b118d8c0..c736ec0cbcb 100644
--- a/libavdevice/xcbgrab.c
+++ b/libavdevice/xcbgrab.c
@@ -828,7 +828,10 @@ static av_cold int xcbgrab_read_header(AVFormatContext *s)
 
     if (!sscanf(s->url, "%[^+]+%d,%d", display_name, &c->x, &c->y)) {
         *display_name = 0;
-        sscanf(s->url, "+%d,%d", &c->x, &c->y);
+        if(sscanf(s->url, "+%d,%d", &c->x, &c->y) != 2) {
+            if (*s->url)
+                av_log(s, AV_LOG_WARNING, "Ambigous URL: %s\n", s->url);
+        }
     }
 
     c->conn = xcb_connect(display_name[0] ? display_name : NULL, &screen_num);
-- 
2.45.1

_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".

[FFmpeg-devel] [PATCH 2/9] avformat/iamf_parse: Remove dead case

[Michael Niedermayer]

Fixes: CID1559546 Logically dead code

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavformat/iamf_parse.c | 2 --
 1 file changed, 2 deletions(-)

diff --git a/libavformat/iamf_parse.c b/libavformat/iamf_parse.c
index f8074c2de1c..312090b247c 100644
--- a/libavformat/iamf_parse.c
+++ b/libavformat/iamf_parse.c
@@ -1078,8 +1078,6 @@ int ff_iamfdec_read_descriptors(IAMFContext *c, AVIOContext *pb,
         case IAMF_OBU_IA_MIX_PRESENTATION:
             ret = mix_presentation_obu(log_ctx, c, pb, obu_size);
             break;
-        case IAMF_OBU_IA_TEMPORAL_DELIMITER:
-            break;
         default: {
             int64_t offset = avio_skip(pb, obu_size);
             if (offset < 0)
-- 
2.45.1

_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".

[FFmpeg-devel] [PATCH 3/9] avformat/imfdec: Simplify get_next_track_with_minimum_timestamp()

[Michael Niedermayer]

This also makes the code more robust

Fixes: CID1512414 Uninitialized pointer read

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavformat/imfdec.c | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)

diff --git a/libavformat/imfdec.c b/libavformat/imfdec.c
index 32208f89ccd..a86b4763ff8 100644
--- a/libavformat/imfdec.c
+++ b/libavformat/imfdec.c
@@ -695,12 +695,9 @@ static int imf_read_header(AVFormatContext *s)
 static IMFVirtualTrackPlaybackCtx *get_next_track_with_minimum_timestamp(AVFormatContext *s)
 {
     IMFContext *c = s->priv_data;
-    IMFVirtualTrackPlaybackCtx *track;
+    IMFVirtualTrackPlaybackCtx *track = NULL;
     AVRational minimum_timestamp = av_make_q(INT32_MAX, 1);
 
-    if (!c->track_count)
-        return NULL;
-
     for (uint32_t i = c->track_count; i > 0; i--) {
         av_log(s, AV_LOG_TRACE, "Compare track %d timestamp " AVRATIONAL_FORMAT
                " to minimum " AVRATIONAL_FORMAT
-- 
2.45.1

_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".

[FFmpeg-devel] [PATCH 4/9] avformat/img2dec: Move DQT after unrelated if()

[Michael Niedermayer]

Fixes: CID1494636 Missing break in switch

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavformat/img2dec.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavformat/img2dec.c b/libavformat/img2dec.c
index a40675d4341..f8c1c0f3136 100644
--- a/libavformat/img2dec.c
+++ b/libavformat/img2dec.c
@@ -794,7 +794,6 @@ static int jpeg_probe(const AVProbeData *p)
                 return 0;
             state = EOI;
             break;
-        case DQT:
         case APP0:
             if (AV_RL32(&b[i + 4]) == MKTAG('J','F','I','F'))
                 got_header = 1;
@@ -815,6 +814,7 @@ static int jpeg_probe(const AVProbeData *p)
         case APP13:
         case APP14:
         case APP15:
+        case DQT: /* fallthrough */
         case COM:
             i += AV_RB16(&b[i + 2]) + 1;
             break;
-- 
2.45.1

_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".

[FFmpeg-devel] [PATCH 5/9] avformat/img2dec: Little JFIF / Exif cleanup

[Michael Niedermayer]

This changes the behavior and makes it behave how it probably was intended.
Either way this is unlikely to result in any user visible change

Fixes: CID1494637 Missing break in switch

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavformat/img2dec.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/libavformat/img2dec.c b/libavformat/img2dec.c
index f8c1c0f3136..ba523530745 100644
--- a/libavformat/img2dec.c
+++ b/libavformat/img2dec.c
@@ -795,11 +795,13 @@ static int jpeg_probe(const AVProbeData *p)
             state = EOI;
             break;
         case APP0:
-            if (AV_RL32(&b[i + 4]) == MKTAG('J','F','I','F'))
+            if (c == APP0 && AV_RL32(&b[i + 4]) == MKTAG('J','F','I','F'))
                 got_header = 1;
+            /* fallthrough */
         case APP1:
-            if (AV_RL32(&b[i + 4]) == MKTAG('E','x','i','f'))
+            if (c == APP1 && AV_RL32(&b[i + 4]) == MKTAG('E','x','i','f'))
                 got_header = 1;
+            /* fallthrough */
         case APP2:
         case APP3:
         case APP4:
-- 
2.45.1

_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".

[FFmpeg-devel] [PATCH 6/9] avformat/libzmq: Check av_strstart()

[Michael Niedermayer]

Fixes: CID1453457 Unchecked return value

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavformat/libzmq.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/libavformat/libzmq.c b/libavformat/libzmq.c
index 04c72ac601c..f4bb849e46b 100644
--- a/libavformat/libzmq.c
+++ b/libavformat/libzmq.c
@@ -94,7 +94,10 @@ static int zmq_proto_open(URLContext *h, const char *uri, int flags)
         return AVERROR_EXTERNAL;
     }
 
-    av_strstart(uri, "zmq:", &uri);
+    if (av_strstart(uri, "zmq:", &uri)) {
+        av_log(h, AV_LOG_ERROR, "URL %s lacks prefix\n", uri);
+        return AVERROR(EINVAL);
+    }
 
     /*publish during write*/
     if (h->flags & AVIO_FLAG_WRITE) {
-- 
2.45.1

_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".

[FFmpeg-devel] [PATCH 7/9] avformat/matroskadec: Assert that num_levels is non negative

[Michael Niedermayer]

Maybe Closes: CID1452496 Uninitialized scalar variable

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavformat/matroskadec.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavformat/matroskadec.c b/libavformat/matroskadec.c
index 13959f8b3d4..328109b354e 100644
--- a/libavformat/matroskadec.c
+++ b/libavformat/matroskadec.c
@@ -4210,7 +4210,7 @@ static int matroska_parse_cluster(MatroskaDemuxContext *matroska)
     MatroskaBlock     *block = &cluster->block;
     int res;
 
-    av_assert0(matroska->num_levels <= 2);
+    av_assert0(matroska->num_levels <= 2U);
 
     if (matroska->num_levels == 1) {
         res = ebml_parse(matroska, matroska_segment, NULL);
-- 
2.45.1

_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".

[FFmpeg-devel] [PATCH 8/9] avformat/mov: Use 64bit in intermediate for current_dts

[Michael Niedermayer]

Fixes: CID1500304 Unintentional integer overflow
Fixes: CID1500318 Unintentional integer overflow

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavformat/mov.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/libavformat/mov.c b/libavformat/mov.c
index 45eca74d1db..d15b7b70c50 100644
--- a/libavformat/mov.c
+++ b/libavformat/mov.c
@@ -3389,12 +3389,12 @@ static int mov_read_stts(MOVContext *c, AVIOContext *pb, MOVAtom atom)
             corrected_dts += sample_duration * sample_count;
         }
 
-        current_dts += sc->stts_data[i].duration * sample_count;
+        current_dts += sc->stts_data[i].duration * (int64_t)sample_count;
 
         if (current_dts > corrected_dts) {
             int64_t drift = (current_dts - corrected_dts)/FFMAX(sample_count, 1);
             uint32_t correction = (sc->stts_data[i].duration > drift) ? drift : sc->stts_data[i].duration - 1;
-            current_dts -= correction * sample_count;
+            current_dts -= correction * (uint64_t)sample_count;
             sc->stts_data[i].duration -= correction;
         }
 
-- 
2.45.1

_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".

[FFmpeg-devel] [PATCH 9/9] avformat/mov: Use int64_t in intermediate for corrected_dts

[Michael Niedermayer]

Fixes: CID1500312 Unintentional integer overflow

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavformat/mov.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavformat/mov.c b/libavformat/mov.c
index d15b7b70c50..93643304212 100644
--- a/libavformat/mov.c
+++ b/libavformat/mov.c
@@ -3386,7 +3386,7 @@ static int mov_read_stts(MOVContext *c, AVIOContext *pb, MOVAtom atom)
             sc->stts_data[i].duration = 1;
             corrected_dts += (delta_magnitude < 0 ? (int64_t)delta_magnitude : 1) * sample_count;
         } else {
-            corrected_dts += sample_duration * sample_count;
+            corrected_dts += sample_duration * (int64_t)sample_count;
         }
 
         current_dts += sc->stts_data[i].duration * (int64_t)sample_count;
-- 
2.45.1

_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".

Re: [FFmpeg-devel] [PATCH 3/9] avformat/imfdec: Simplify get_next_track_with_minimum_timestamp()

[Pierre-Anthony Lemieux]

LGTM

On Sun, Jun 2, 2024 at 7:16 PM Michael Niedermayer
<michael@niedermayer.cc> wrote:
>
> This also makes the code more robust
>
> Fixes: CID1512414 Uninitialized pointer read
>
> Sponsored-by: Sovereign Tech Fund
> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> ---
>  libavformat/imfdec.c | 5 +----
>  1 file changed, 1 insertion(+), 4 deletions(-)
>
> diff --git a/libavformat/imfdec.c b/libavformat/imfdec.c
> index 32208f89ccd..a86b4763ff8 100644
> --- a/libavformat/imfdec.c
> +++ b/libavformat/imfdec.c
> @@ -695,12 +695,9 @@ static int imf_read_header(AVFormatContext *s)
>  static IMFVirtualTrackPlaybackCtx *get_next_track_with_minimum_timestamp(AVFormatContext *s)
>  {
>      IMFContext *c = s->priv_data;
> -    IMFVirtualTrackPlaybackCtx *track;
> +    IMFVirtualTrackPlaybackCtx *track = NULL;
>      AVRational minimum_timestamp = av_make_q(INT32_MAX, 1);
>
> -    if (!c->track_count)
> -        return NULL;
> -
>      for (uint32_t i = c->track_count; i > 0; i--) {
>          av_log(s, AV_LOG_TRACE, "Compare track %d timestamp " AVRATIONAL_FORMAT
>                 " to minimum " AVRATIONAL_FORMAT
> --
> 2.45.1
>
> _______________________________________________
> ffmpeg-devel mailing list
> ffmpeg-devel@ffmpeg.org
> https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
>
> To unsubscribe, visit link above, or email
> ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".

Re: [FFmpeg-devel] [PATCH 1/9] avdevice/xcbgrab: Check sscanf() return

[Michael Niedermayer]

[-- Attachment #1.1: Type: text/plain, Size: 607 bytes --]

On Mon, Jun 03, 2024 at 04:15:18AM +0200, Michael Niedermayer wrote:
> Alot more input checking can be performed, this is only checking the obvious missing case
> 
> Fixes: CID1598562 Unchecked return value
> 
> Sponsored-by: Sovereign Tech Fund
> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> ---
>  libavdevice/xcbgrab.c | 5 ++++-
>  1 file changed, 4 insertions(+), 1 deletion(-)

will apply patchset

[...]
-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

In a rich man's house there is no place to spit but his face.
-- Diogenes of Sinope

[-- Attachment #1.2: signature.asc --]
[-- Type: application/pgp-signature, Size: 195 bytes --]

[-- Attachment #2: Type: text/plain, Size: 251 bytes --]

_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".

Re: [FFmpeg-devel] [PATCH 9/9] avformat/mov: Use int64_t in intermediate for corrected_dts

[Kacper Michajlow]

On Mon, 3 Jun 2024 at 04:16, Michael Niedermayer <michael@niedermayer.cc> wrote:
>
> Fixes: CID1500312 Unintentional integer overflow
>
> Sponsored-by: Sovereign Tech Fund
> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> ---
>  libavformat/mov.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/libavformat/mov.c b/libavformat/mov.c
> index d15b7b70c50..93643304212 100644
> --- a/libavformat/mov.c
> +++ b/libavformat/mov.c
> @@ -3386,7 +3386,7 @@ static int mov_read_stts(MOVContext *c, AVIOContext *pb, MOVAtom atom)
>              sc->stts_data[i].duration = 1;
>              corrected_dts += (delta_magnitude < 0 ? (int64_t)delta_magnitude : 1) * sample_count;
>          } else {
> -            corrected_dts += sample_duration * sample_count;
> +            corrected_dts += sample_duration * (int64_t)sample_count;
>          }
>
>          current_dts += sc->stts_data[i].duration * (int64_t)sample_count;
> --
> 2.45.1

This is not enough to guard the overflow, the addition can still overflow.

mov.c:3500:27: runtime error: signed integer overflow:
3206437752653027430 + 8549083172438480532 cannot be represented in
type 'int64_t' (aka 'long')

- Kacper
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".