From: Michael Niedermayer
To: FFmpeg development discussions and patches
Cc: Justin Ruggles
Date: Sat, 7 Jun 2025 01:51:52 +0200
Subject: Re: [FFmpeg-devel] [PATCH] avformat/dhav: Do not evaluate avio_size() multiple times
Message-ID: <20250606235152.GD29660@pb2>
References: <20250606231220.88037-1-michael@niedermayer.cc>

On Sat, Jun 07, 2025 at 12:21:43AM +0100, Kieran Kunhya via ffmpeg-devel wrote:
> On Sat, 7 Jun 2025, 00:12 Michael Niedermayer wrote:
>
> > Code like FFMIN(MAX_DURATION_BUFFER_SIZE, avio_size(s->pb)) is not safe
> > as FFMIN() is a macro and avio_size() is thus evaluated multiple
> > times
> >
> > CC: Justin Ruggles
> > Signed-off-by: Michael Niedermayer
> > ---
> > libavformat/dhav.c | 7 ++++---
> > 1 file changed, 4 insertions(+), 3 deletions(-)
> >
> > diff --git a/libavformat/dhav.c b/libavformat/dhav.c > > index 5a83a8aea9d..c7e5371636a 100644 > > --- a/libavformat/dhav.c > > +++ b/libavformat/dhav.c > > @@ -246,11 +246,12 @@ static int64_t get_duration(AVFormatContext *s) > > int64_t end_buffer_pos; > > int64_t offset; > > unsigned date; > > + int64_t size =3D avio_size(s->pb); > > > > if (!s->pb->seekable) > > return 0; > > > > - if (start_pos + 16 > avio_size(s->pb)) > > + if (start_pos + 16 > size) > > return 0; > > > > avio_skip(s->pb, 16);
> > @@ -258,13 +259,13 @@ static int64_t get_duration(AVFormatContext *s) > > get_timeinfo(date, &timeinfo); > > start =3D av_timegm(&timeinfo) * 1000LL; > > > > - end_buffer_size =3D FFMIN(MAX_DURATION_BUFFER_SIZE, avio_size(s->p= b)); > > + end_buffer_size =3D FFMIN(MAX_DURATION_BUFFER_SIZE, size); > > end_buffer =3D av_malloc(end_buffer_size); > > if (!end_buffer) { > > avio_seek(s->pb, start_pos, SEEK_SET); > > return 0; > > } > > - end_buffer_pos =3D avio_size(s->pb) - end_buffer_size; > > + end_buffer_pos =3D size - end_buffer_size; > > avio_seek(s->pb, end_buffer_pos, SEEK_SET); > > avio_read(s->pb, end_buffer, end_buffer_size); > >
> > --
> > 2.49.0
> >
>
> Can you explain what "not safe" means?
> I assume it means avio_size() causes a seek to the end to get the length
> but it's not obvious.

if you write
X = FFMIN(1000, avio_size(s->pb))
you don't expect X to be 2000, but it can be, if the filesize changes between
the 2 evaluations

also there's
if (start_pos + 16 > avio_size(s->pb))
and that might not hold true either by the later evaluations

does it matter?
void *av_malloc(size_t size)
let's assume this is a 32bit system
end_buffer_pos and avio_size is 64bit
we truncate the malloc argument
and then here, offset is 64bit

    offset = end_buffer_size - 8;
    while (offset > 0) {
        if (AV_RL32(end_buffer + offset) == MKTAG('d','h','a','v')) {
            int64_t seek_back = AV_RL32(end_buffer + offset + 4);
            end_pos = end_buffer_pos + offset - seek_back + 8;
            break;
        } else {
            offset -= 9;
        }
    }

I have not thought very much about this, I just think code like
FFMIN(1000, avio_size(s->pb)) should behave as one would expect from a quick
look

thx

[...]
-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

For a strong democracy, genuine criticism is necessary, allegations benefit
no one, they just cause unnecessary conflicts.
- Narendra Modi
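
Review bot: In the first hunk of get_duration(), the new "int64_t size = avio_size(s->pb);" initializer sits above the "if (!s->pb->seekable) return 0;" check, so the size query now runs even for input the function gives up on immediately, where before the patch the first avio_size() call came after that check. Consider declaring size without an initializer and assigning it after the seekable check. A failed size query would also only be rejected implicitly by "start_pos + 16 > size"; an explicit "size < 0" test would make that intent visible.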
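
Review bot: In the second hunk, the context line "avio_read(s->pb, end_buffer, end_buffer_size);" still discards its return value, which matters more once size is a snapshot taken at the top of the function. If the file shrinks after the snapshot, the read can come back short and the tail of the av_malloc() buffer stays unwritten, while the scan loop quoted later in this thread walks the buffer from end_buffer_size - 8 downwards. Consider checking the avio_read() result and limiting the scan to the bytes actually read.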
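
Added example, not part of the original message and not FFmpeg code: the double evaluation described in the reply above, reproduced with a local macro of the same shape as FFMIN() and a hypothetical mock_size() standing in for avio_size() on a file that grows between calls. MIN_MACRO, CAP, growing_file, mock_size and both clamp_* helpers are names assumed for this sketch.

```c
#include <stdint.h>
#include <stdio.h>

/* Local two-argument min macro, same shape as FFMIN(); defined here so the
 * example builds without FFmpeg headers (assumption). */
#define MIN_MACRO(a, b) ((a) > (b) ? (b) : (a))
#define CAP 1000 /* stands in for MAX_DURATION_BUFFER_SIZE (constructed value) */

/* Hypothetical stand-in for avio_size() on a file that is still growing:
 * each call reports the next size from a constructed sequence. */
struct growing_file {
    const int64_t *sizes;
    int n, calls;
};

static int64_t mock_size(struct growing_file *f)
{
    int i = f->calls < f->n ? f->calls : f->n - 1;
    f->calls++;
    return f->sizes[i];
}

/* Pattern before the patch: the size call is itself the macro argument,
 * so it is evaluated once for the comparison and once for the result. */
static int64_t clamp_unsafe(struct growing_file *f)
{
    return MIN_MACRO(CAP, mock_size(f));
}

/* Pattern after the patch: read the size once, then clamp the local copy. */
static int64_t clamp_cached(struct growing_file *f)
{
    int64_t size = mock_size(f);
    return MIN_MACRO(CAP, size);
}

int main(void)
{
    static const int64_t sizes[] = { 500, 2000 }; /* constructed: file grows */
    struct growing_file a = { sizes, 2, 0 }, b = { sizes, 2, 0 };
    int64_t u = clamp_unsafe(&a);
    int64_t c = clamp_cached(&b);
    printf("unsafe: %lld after %d size calls\n", (long long)u, a.calls);
    printf("cached: %lld after %d size calls\n", (long long)c, b.calls);
    return 0;
}
```

The unsafe variant returns a value above CAP, which in get_duration() would become both the allocation size and the read length.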