[FFmpeg-devel] [PATCH] avformat/dhav: Do not evaluate avio_size() multiple times

[FFmpeg-devel] [PATCH] avformat/dhav: Do not evaluate avio_size() multiple times

[Michael Niedermayer]

Code like FFMIN(MAX_DURATION_BUFFER_SIZE, avio_size(s->pb)) is not safe
as FFMIN() is a macro and avio_size() is thus evaluated multiple
times

CC: Justin Ruggles <justinr@vimeo.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavformat/dhav.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/libavformat/dhav.c b/libavformat/dhav.c
index 5a83a8aea9d..c7e5371636a 100644
--- a/libavformat/dhav.c
+++ b/libavformat/dhav.c
@@ -246,11 +246,12 @@ static int64_t get_duration(AVFormatContext *s)
     int64_t end_buffer_pos;
     int64_t offset;
     unsigned date;
+    int64_t size = avio_size(s->pb);
 
     if (!s->pb->seekable)
         return 0;
 
-    if (start_pos + 16 > avio_size(s->pb))
+    if (start_pos + 16 > size)
         return 0;
 
     avio_skip(s->pb, 16);
@@ -258,13 +259,13 @@ static int64_t get_duration(AVFormatContext *s)
     get_timeinfo(date, &timeinfo);
     start = av_timegm(&timeinfo) * 1000LL;
 
-    end_buffer_size = FFMIN(MAX_DURATION_BUFFER_SIZE, avio_size(s->pb));
+    end_buffer_size = FFMIN(MAX_DURATION_BUFFER_SIZE, size);
     end_buffer = av_malloc(end_buffer_size);
     if (!end_buffer) {
         avio_seek(s->pb, start_pos, SEEK_SET);
         return 0;
     }
-    end_buffer_pos = avio_size(s->pb) - end_buffer_size;
+    end_buffer_pos = size - end_buffer_size;
     avio_seek(s->pb, end_buffer_pos, SEEK_SET);
     avio_read(s->pb, end_buffer, end_buffer_size);
 
-- 
2.49.0

_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".

Re: [FFmpeg-devel] [PATCH] avformat/dhav: Do not evaluate avio_size() multiple times

[Kieran Kunhya via ffmpeg-devel]

On Sat, 7 Jun 2025, 00:12 Michael Niedermayer, <michael@niedermayer.cc>
wrote:

> Code like FFMIN(MAX_DURATION_BUFFER_SIZE, avio_size(s->pb)) is not safe
> as FFMIN() is a macro and avio_size() is thus evaluated multiple
> times
>
> CC: Justin Ruggles <justinr@vimeo.com>
> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> ---
>  libavformat/dhav.c | 7 ++++---
>  1 file changed, 4 insertions(+), 3 deletions(-)
>
> diff --git a/libavformat/dhav.c b/libavformat/dhav.c
> index 5a83a8aea9d..c7e5371636a 100644
> --- a/libavformat/dhav.c
> +++ b/libavformat/dhav.c
> @@ -246,11 +246,12 @@ static int64_t get_duration(AVFormatContext *s)
>      int64_t end_buffer_pos;
>      int64_t offset;
>      unsigned date;
> +    int64_t size = avio_size(s->pb);
>
>      if (!s->pb->seekable)
>          return 0;
>
> -    if (start_pos + 16 > avio_size(s->pb))
> +    if (start_pos + 16 > size)
>          return 0;
>
>      avio_skip(s->pb, 16);
> @@ -258,13 +259,13 @@ static int64_t get_duration(AVFormatContext *s)
>      get_timeinfo(date, &timeinfo);
>      start = av_timegm(&timeinfo) * 1000LL;
>
> -    end_buffer_size = FFMIN(MAX_DURATION_BUFFER_SIZE, avio_size(s->pb));
> +    end_buffer_size = FFMIN(MAX_DURATION_BUFFER_SIZE, size);
>      end_buffer = av_malloc(end_buffer_size);
>      if (!end_buffer) {
>          avio_seek(s->pb, start_pos, SEEK_SET);
>          return 0;
>      }
> -    end_buffer_pos = avio_size(s->pb) - end_buffer_size;
> +    end_buffer_pos = size - end_buffer_size;
>      avio_seek(s->pb, end_buffer_pos, SEEK_SET);
>      avio_read(s->pb, end_buffer, end_buffer_size);
>
> --
> 2.49.0
>

Can you explain what "not safe" means?
I assume it means avio_size() causes a seek to the end to get the length
but it's not obvious.

Kieran

>
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".

Re: [FFmpeg-devel] [PATCH] avformat/dhav: Do not evaluate avio_size() multiple times

[Michael Niedermayer]

[-- Attachment #1.1: Type: text/plain, Size: 3201 bytes --]

On Sat, Jun 07, 2025 at 12:21:43AM +0100, Kieran Kunhya via ffmpeg-devel wrote:
> On Sat, 7 Jun 2025, 00:12 Michael Niedermayer, <michael@niedermayer.cc>
> wrote:
> 
> > Code like FFMIN(MAX_DURATION_BUFFER_SIZE, avio_size(s->pb)) is not safe
> > as FFMIN() is a macro and avio_size() is thus evaluated multiple
> > times
> >
> > CC: Justin Ruggles <justinr@vimeo.com>
> > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> > ---
> >  libavformat/dhav.c | 7 ++++---
> >  1 file changed, 4 insertions(+), 3 deletions(-)
> >
> > diff --git a/libavformat/dhav.c b/libavformat/dhav.c
> > index 5a83a8aea9d..c7e5371636a 100644
> > --- a/libavformat/dhav.c
> > +++ b/libavformat/dhav.c
> > @@ -246,11 +246,12 @@ static int64_t get_duration(AVFormatContext *s)
> >      int64_t end_buffer_pos;
> >      int64_t offset;
> >      unsigned date;
> > +    int64_t size = avio_size(s->pb);
> >
> >      if (!s->pb->seekable)
> >          return 0;
> >
> > -    if (start_pos + 16 > avio_size(s->pb))
> > +    if (start_pos + 16 > size)
> >          return 0;
> >
> >      avio_skip(s->pb, 16);
> > @@ -258,13 +259,13 @@ static int64_t get_duration(AVFormatContext *s)
> >      get_timeinfo(date, &timeinfo);
> >      start = av_timegm(&timeinfo) * 1000LL;
> >
> > -    end_buffer_size = FFMIN(MAX_DURATION_BUFFER_SIZE, avio_size(s->pb));
> > +    end_buffer_size = FFMIN(MAX_DURATION_BUFFER_SIZE, size);
> >      end_buffer = av_malloc(end_buffer_size);
> >      if (!end_buffer) {
> >          avio_seek(s->pb, start_pos, SEEK_SET);
> >          return 0;
> >      }
> > -    end_buffer_pos = avio_size(s->pb) - end_buffer_size;
> > +    end_buffer_pos = size - end_buffer_size;
> >      avio_seek(s->pb, end_buffer_pos, SEEK_SET);
> >      avio_read(s->pb, end_buffer, end_buffer_size);
> >
> > --
> > 2.49.0
> >
> 
> Can you explain what "not safe" means?
> I assume it means avio_size() causes a seek to the end to get the length
> but it's not obvious.

if you write
X = FFMIN(1000, avio_size(s->pb))

you dont expect X to be 2000, but it can be, if the filesize changes
between the 2 evaluations

also theres if (start_pos + 16 > avio_size(s->pb))
and that might not hold true either by the later evaluations

does it matter?
void *av_malloc(size_t size)
lets assume this is a 32bit system end_buffer_pos and avio_size is 64bit
we truncate teh mallloc argument

and then here, offset is 64bit

   offset = end_buffer_size - 8;
    while (offset > 0) {
        if (AV_RL32(end_buffer + offset) == MKTAG('d','h','a','v')) {
            int64_t seek_back = AV_RL32(end_buffer + offset + 4);
            end_pos = end_buffer_pos + offset - seek_back + 8;
            break;
        } else {
            offset -= 9;
        }
    }

I have not thought very much about this, I just think code like
FFMIN(1000, avio_size(s->pb))
should behave as one would expect from a quick look

thx

[...]
-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

For a strong democracy, genuine criticism is necessary, allegations benefit
noone, they just cause unnecessary conflicts. - Narendra Modi

[-- Attachment #1.2: signature.asc --]
[-- Type: application/pgp-signature, Size: 195 bytes --]

[-- Attachment #2: Type: text/plain, Size: 251 bytes --]

_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".

Re: [FFmpeg-devel] [PATCH] avformat/dhav: Do not evaluate avio_size() multiple times

[Derek Buitenhuis]

On 6/7/2025 12:12 AM, Michael Niedermayer wrote:
> Code like FFMIN(MAX_DURATION_BUFFER_SIZE, avio_size(s->pb)) is not safe
> as FFMIN() is a macro and avio_size() is thus evaluated multiple
> times
> 
> CC: Justin Ruggles <justinr@vimeo.com>
> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> ---
>  libavformat/dhav.c | 7 ++++---
>  1 file changed, 4 insertions(+), 3 deletions(-)

LGTM.

I don't think it is "not safe", just unexpected, though.

- Derek
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".

Re: [FFmpeg-devel] [PATCH] avformat/dhav: Do not evaluate avio_size() multiple times

[Michael Niedermayer]

[-- Attachment #1.1: Type: text/plain, Size: 690 bytes --]

On Sat, Jun 07, 2025 at 05:23:26PM +0100, Derek Buitenhuis wrote:
> On 6/7/2025 12:12 AM, Michael Niedermayer wrote:
> > Code like FFMIN(MAX_DURATION_BUFFER_SIZE, avio_size(s->pb)) is not safe
> > as FFMIN() is a macro and avio_size() is thus evaluated multiple
> > times
> > 
> > CC: Justin Ruggles <justinr@vimeo.com>
> > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> > ---
> >  libavformat/dhav.c | 7 ++++---
> >  1 file changed, 4 insertions(+), 3 deletions(-)
> 
> LGTM.

will apply

thx

[...]
-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

Never trust a computer, one day, it may think you are the virus. -- Compn

[-- Attachment #1.2: signature.asc --]
[-- Type: application/pgp-signature, Size: 195 bytes --]

[-- Attachment #2: Type: text/plain, Size: 251 bytes --]

_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".