Re: [FFmpeg-devel] [PATCH] avformat/dhav: Do not evaluate avio_size() multiple times

[Michael Niedermayer <michael@niedermayer.cc>]

[-- Attachment #1.1: Type: text/plain, Size: 3201 bytes --]

On Sat, Jun 07, 2025 at 12:21:43AM +0100, Kieran Kunhya via ffmpeg-devel wrote:
> On Sat, 7 Jun 2025, 00:12 Michael Niedermayer, <michael@niedermayer.cc>
> wrote:
> 
> > Code like FFMIN(MAX_DURATION_BUFFER_SIZE, avio_size(s->pb)) is not safe
> > as FFMIN() is a macro and avio_size() is thus evaluated multiple
> > times
> >
> > CC: Justin Ruggles <justinr@vimeo.com>
> > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> > ---
> >  libavformat/dhav.c | 7 ++++---
> >  1 file changed, 4 insertions(+), 3 deletions(-)
> >
> > diff --git a/libavformat/dhav.c b/libavformat/dhav.c
> > index 5a83a8aea9d..c7e5371636a 100644
> > --- a/libavformat/dhav.c
> > +++ b/libavformat/dhav.c
> > @@ -246,11 +246,12 @@ static int64_t get_duration(AVFormatContext *s)
> >      int64_t end_buffer_pos;
> >      int64_t offset;
> >      unsigned date;
> > +    int64_t size = avio_size(s->pb);
> >
> >      if (!s->pb->seekable)
> >          return 0;
> >
> > -    if (start_pos + 16 > avio_size(s->pb))
> > +    if (start_pos + 16 > size)
> >          return 0;
> >
> >      avio_skip(s->pb, 16);
> > @@ -258,13 +259,13 @@ static int64_t get_duration(AVFormatContext *s)
> >      get_timeinfo(date, &timeinfo);
> >      start = av_timegm(&timeinfo) * 1000LL;
> >
> > -    end_buffer_size = FFMIN(MAX_DURATION_BUFFER_SIZE, avio_size(s->pb));
> > +    end_buffer_size = FFMIN(MAX_DURATION_BUFFER_SIZE, size);
> >      end_buffer = av_malloc(end_buffer_size);
> >      if (!end_buffer) {
> >          avio_seek(s->pb, start_pos, SEEK_SET);
> >          return 0;
> >      }
> > -    end_buffer_pos = avio_size(s->pb) - end_buffer_size;
> > +    end_buffer_pos = size - end_buffer_size;
> >      avio_seek(s->pb, end_buffer_pos, SEEK_SET);
> >      avio_read(s->pb, end_buffer, end_buffer_size);
> >
> > --
> > 2.49.0
> >
> 
> Can you explain what "not safe" means?
> I assume it means avio_size() causes a seek to the end to get the length
> but it's not obvious.

if you write
X = FFMIN(1000, avio_size(s->pb))

you dont expect X to be 2000, but it can be, if the filesize changes
between the 2 evaluations

also theres if (start_pos + 16 > avio_size(s->pb))
and that might not hold true either by the later evaluations

does it matter?
void *av_malloc(size_t size)
lets assume this is a 32bit system end_buffer_pos and avio_size is 64bit
we truncate teh mallloc argument

and then here, offset is 64bit

   offset = end_buffer_size - 8;
    while (offset > 0) {
        if (AV_RL32(end_buffer + offset) == MKTAG('d','h','a','v')) {
            int64_t seek_back = AV_RL32(end_buffer + offset + 4);
            end_pos = end_buffer_pos + offset - seek_back + 8;
            break;
        } else {
            offset -= 9;
        }
    }

I have not thought very much about this, I just think code like
FFMIN(1000, avio_size(s->pb))
should behave as one would expect from a quick look

thx

[...]
-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

For a strong democracy, genuine criticism is necessary, allegations benefit
noone, they just cause unnecessary conflicts. - Narendra Modi

[-- Attachment #1.2: signature.asc --]
[-- Type: application/pgp-signature, Size: 195 bytes --]

[-- Attachment #2: Type: text/plain, Size: 251 bytes --]

_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".