[FFmpeg-devel] [PATCH 1/5] avformat/mov: Check requested_sample before using it

[FFmpeg-devel] [PATCH 1/5] avformat/mov: Check requested_sample before using it

[Michael Niedermayer]

I am not sure the case described by coverity is possible
but its more robust checking the argument first

Fixes: CID1598441 Improper use of negative value

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavformat/mov.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavformat/mov.c b/libavformat/mov.c
index 9016cd5ad08..f571b0468ee 100644
--- a/libavformat/mov.c
+++ b/libavformat/mov.c
@@ -10161,7 +10161,7 @@ static int mov_seek_stream(AVFormatContext *s, AVStream *st, int64_t timestamp,
         // If we've reached a different sample trying to find a good pts to
         // seek to, give up searching because we'll end up seeking back to
         // sample 0 on every seek.
-        if (!can_seek_to_key_sample(st, requested_sample, next_ts) && sample != requested_sample)
+        if (sample != requested_sample && !can_seek_to_key_sample(st, requested_sample, next_ts))
             break;
 
         timestamp = next_ts;
-- 
2.45.2

_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".

[FFmpeg-devel] [PATCH 2/5] avformat/mpeg: Check len in mpegps_probe()

[Michael Niedermayer]

Fixes: CID1473590 Untrusted loop bound

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavformat/mpeg.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/libavformat/mpeg.c b/libavformat/mpeg.c
index 5556861e1c4..c3dff3e4ea2 100644
--- a/libavformat/mpeg.c
+++ b/libavformat/mpeg.c
@@ -76,6 +76,9 @@ static int mpegps_probe(const AVProbeData *p)
             int pes  = endpes <= i && check_pes(p->buf + i, p->buf + p->buf_size);
             int pack = check_pack_header(p->buf + i);
 
+            if (len > INT_MAX - i)
+                break;
+
             if (code == SYSTEM_HEADER_START_CODE)
                 sys++;
             else if (code == PACK_START_CODE && pack)
-- 
2.45.2

_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".

[FFmpeg-devel] [PATCH 3/5] avformat/mxfdec: Check container_ul->desc before use

[Michael Niedermayer]

Fixes: CID1592939 Dereference after null check

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavformat/mxfdec.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/libavformat/mxfdec.c b/libavformat/mxfdec.c
index e65cec74c23..820b03940aa 100644
--- a/libavformat/mxfdec.c
+++ b/libavformat/mxfdec.c
@@ -3031,6 +3031,7 @@ static int mxf_parse_structural_metadata(MXFContext *mxf)
             if (container_ul->desc)
                 av_dict_set(&st->metadata, "data_type", container_ul->desc, 0);
             if (mxf->eia608_extract &&
+                container_ul->desc &&
                 !strcmp(container_ul->desc, "vbi_vanc_smpte_436M")) {
                 st->codecpar->codec_type = AVMEDIA_TYPE_SUBTITLE;
                 st->codecpar->codec_id = AV_CODEC_ID_EIA_608;
-- 
2.45.2

_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".

Re: [FFmpeg-devel] [PATCH 3/5] avformat/mxfdec: Check container_ul->desc before use

[Tomas Härdin]

fre 2024-06-07 klockan 02:32 +0200 skrev Michael Niedermayer:
> Fixes: CID1592939 Dereference after null check
> 
> Sponsored-by: Sovereign Tech Fund
> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> ---
>  libavformat/mxfdec.c | 1 +
>  1 file changed, 1 insertion(+)
> 
> diff --git a/libavformat/mxfdec.c b/libavformat/mxfdec.c
> index e65cec74c23..820b03940aa 100644
> --- a/libavformat/mxfdec.c
> +++ b/libavformat/mxfdec.c
> @@ -3031,6 +3031,7 @@ static int
> mxf_parse_structural_metadata(MXFContext *mxf)
>              if (container_ul->desc)
>                  av_dict_set(&st->metadata, "data_type",
> container_ul->desc, 0);
>              if (mxf->eia608_extract &&
> +                container_ul->desc &&
>                  !strcmp(container_ul->desc, "vbi_vanc_smpte_436M"))
> {
>                  st->codecpar->codec_type = AVMEDIA_TYPE_SUBTITLE;
>                  st->codecpar->codec_id = AV_CODEC_ID_EIA_608;

OK

/Tomas
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".

Re: [FFmpeg-devel] [PATCH 3/5] avformat/mxfdec: Check container_ul->desc before use

[Michael Niedermayer]

[-- Attachment #1.1: Type: text/plain, Size: 1293 bytes --]

On Tue, Jun 18, 2024 at 04:31:49PM +0200, Tomas Härdin wrote:
> fre 2024-06-07 klockan 02:32 +0200 skrev Michael Niedermayer:
> > Fixes: CID1592939 Dereference after null check
> > 
> > Sponsored-by: Sovereign Tech Fund
> > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> > ---
> >  libavformat/mxfdec.c | 1 +
> >  1 file changed, 1 insertion(+)
> > 
> > diff --git a/libavformat/mxfdec.c b/libavformat/mxfdec.c
> > index e65cec74c23..820b03940aa 100644
> > --- a/libavformat/mxfdec.c
> > +++ b/libavformat/mxfdec.c
> > @@ -3031,6 +3031,7 @@ static int
> > mxf_parse_structural_metadata(MXFContext *mxf)
> >              if (container_ul->desc)
> >                  av_dict_set(&st->metadata, "data_type",
> > container_ul->desc, 0);
> >              if (mxf->eia608_extract &&
> > +                container_ul->desc &&
> >                  !strcmp(container_ul->desc, "vbi_vanc_smpte_436M"))
> > {
> >                  st->codecpar->codec_type = AVMEDIA_TYPE_SUBTITLE;
> >                  st->codecpar->codec_id = AV_CODEC_ID_EIA_608;
> 
> OK

will apply

thx

[...]
-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

The greatest way to live with honor in this world is to be what we pretend
to be. -- Socrates

[-- Attachment #1.2: signature.asc --]
[-- Type: application/pgp-signature, Size: 195 bytes --]

[-- Attachment #2: Type: text/plain, Size: 251 bytes --]

_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".

[FFmpeg-devel] [PATCH 4/5] avformat/mxfenc: Remove dead code

[Michael Niedermayer]

Fixes: CID1524681 Logically dead code

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavformat/mxfenc.c | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/libavformat/mxfenc.c b/libavformat/mxfenc.c
index f424858fc4e..b8e7bfe3018 100644
--- a/libavformat/mxfenc.c
+++ b/libavformat/mxfenc.c
@@ -2606,9 +2606,6 @@ static int mxf_parse_ffv1_frame(AVFormatContext *s, AVStream *st, AVPacket *pkt)
         ff_build_rac_states(&c, 0.05 * (1LL << 32), 256 - 8);
         v = get_ffv1_unsigned_symbol(&c, state);
         av_assert0(v >= 2);
-        if (v > 4) {
-            return 0;
-        }
         if (v > 4) {
             av_log(s, AV_LOG_ERROR, "unsupported ffv1 version %d\n", v);
             return 0;
-- 
2.45.2

_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".

Re: [FFmpeg-devel] [PATCH 4/5] avformat/mxfenc: Remove dead code

[Tomas Härdin]

fre 2024-06-07 klockan 02:32 +0200 skrev Michael Niedermayer:
> Fixes: CID1524681 Logically dead code
> 
> Sponsored-by: Sovereign Tech Fund
> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> ---
>  libavformat/mxfenc.c | 3 ---
>  1 file changed, 3 deletions(-)
> 
> diff --git a/libavformat/mxfenc.c b/libavformat/mxfenc.c
> index f424858fc4e..b8e7bfe3018 100644
> --- a/libavformat/mxfenc.c
> +++ b/libavformat/mxfenc.c
> @@ -2606,9 +2606,6 @@ static int mxf_parse_ffv1_frame(AVFormatContext
> *s, AVStream *st, AVPacket *pkt)
>          ff_build_rac_states(&c, 0.05 * (1LL << 32), 256 - 8);
>          v = get_ffv1_unsigned_symbol(&c, state);
>          av_assert0(v >= 2);
> -        if (v > 4) {
> -            return 0;
> -        }
>          if (v > 4) {
>              av_log(s, AV_LOG_ERROR, "unsupported ffv1 version %d\n",
> v);
>              return 0;

Commit message isn't quite accurate - this rather resurrects the error
print

/Tomas

_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".

Re: [FFmpeg-devel] [PATCH 4/5] avformat/mxfenc: Remove dead code

[Michael Niedermayer]

[-- Attachment #1.1: Type: text/plain, Size: 1329 bytes --]

On Tue, Jun 18, 2024 at 04:32:18PM +0200, Tomas Härdin wrote:
> fre 2024-06-07 klockan 02:32 +0200 skrev Michael Niedermayer:
> > Fixes: CID1524681 Logically dead code
> > 
> > Sponsored-by: Sovereign Tech Fund
> > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> > ---
> >  libavformat/mxfenc.c | 3 ---
> >  1 file changed, 3 deletions(-)
> > 
> > diff --git a/libavformat/mxfenc.c b/libavformat/mxfenc.c
> > index f424858fc4e..b8e7bfe3018 100644
> > --- a/libavformat/mxfenc.c
> > +++ b/libavformat/mxfenc.c
> > @@ -2606,9 +2606,6 @@ static int mxf_parse_ffv1_frame(AVFormatContext
> > *s, AVStream *st, AVPacket *pkt)
> >          ff_build_rac_states(&c, 0.05 * (1LL << 32), 256 - 8);
> >          v = get_ffv1_unsigned_symbol(&c, state);
> >          av_assert0(v >= 2);
> > -        if (v > 4) {
> > -            return 0;
> > -        }
> >          if (v > 4) {
> >              av_log(s, AV_LOG_ERROR, "unsupported ffv1 version %d\n",
> > v);
> >              return 0;
> 
> Commit message isn't quite accurate - this rather resurrects the error
> print

right
will apply with a better commit message

thx

[...]
-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

There will always be a question for which you do not know the correct answer.

[-- Attachment #1.2: signature.asc --]
[-- Type: application/pgp-signature, Size: 195 bytes --]

[-- Attachment #2: Type: text/plain, Size: 251 bytes --]

_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".

[FFmpeg-devel] [PATCH 5/5] avformat/rdt: Check pkt_len

[Michael Niedermayer]

Fixes: CID1473553 Untrusted loop bound

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavformat/rdt.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/libavformat/rdt.c b/libavformat/rdt.c
index 60449d256a5..2fa53d34a8d 100644
--- a/libavformat/rdt.c
+++ b/libavformat/rdt.c
@@ -206,6 +206,8 @@ ff_rdt_parse_header(const uint8_t *buf, int len,
             return -1; /* not followed by a data packet */
 
         pkt_len = AV_RB16(buf+3);
+        if (pkt_len > len)
+            return AVERROR_INVALIDDATA;
         buf += pkt_len;
         len -= pkt_len;
         consumed += pkt_len;
-- 
2.45.2

_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".

Re: [FFmpeg-devel] [PATCH 1/5] avformat/mov: Check requested_sample before using it

[Michael Niedermayer]

[-- Attachment #1.1: Type: text/plain, Size: 640 bytes --]

On Fri, Jun 07, 2024 at 02:32:11AM +0200, Michael Niedermayer wrote:
> I am not sure the case described by coverity is possible
> but its more robust checking the argument first
> 
> Fixes: CID1598441 Improper use of negative value
> 
> Sponsored-by: Sovereign Tech Fund
> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> ---
>  libavformat/mov.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)

will apply remaining patches of this set

[...]
-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

I have often repented speaking, but never of holding my tongue.
-- Xenocrates

[-- Attachment #1.2: signature.asc --]
[-- Type: application/pgp-signature, Size: 195 bytes --]

[-- Attachment #2: Type: text/plain, Size: 251 bytes --]

_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".