From: James Almer
To: ffmpeg-devel@ffmpeg.org
Date: Mon, 26 Feb 2024 21:06:20 -0300
Subject: Re: [FFmpeg-devel] [PATCH v3] avformat/mov: Don't use entry[-1] in pointer arithmetic
Message-ID: <5b691c4e-d2d5-4f25-9d71-608dc7ac55e5@gmail.com>
List-Id: FFmpeg development discussions and patches

On 2/26/2024 8:27 PM, Andreas Rheinhardt wrote:
> It is undefined behaviour.
> Fixes many failed tests with UBSan and GCC 13 like
> "src/libavformat/mov.c:4229:44: runtime error: store to address
> 0x5572abe20f80 with insufficient space for an object of type 'struct
> MOVIndexRange'"
> (The line number does not refer to the line where &entry[-1]
> is assigned.)
>
> Signed-off-by: Andreas Rheinhardt
> ---
>  libavformat/mov.c | 11 ++++++-----
>  1 file changed, 6 insertions(+), 5 deletions(-)
>
> diff --git a/libavformat/mov.c b/libavformat/mov.c
> index 71e8f7ae8f..97caaa7723 100644
> --- a/libavformat/mov.c
> +++ b/libavformat/mov.c
> @@ -4022,7 +4022,7 @@ static void mov_fix_index(MOVContext *mov, AVStream *st)
>      int num_discarded_begin = 0;
>      int first_non_zero_audio_edit = -1;
>      int packet_skip_samples = 0;
> -    MOVIndexRange *current_index_range;
> +    MOVIndexRange *current_index_range = NULL;
>      int found_keyframe_after_edit = 0;
>      int found_non_empty_edit = 0;
>  
> @@ -4038,7 +4038,6 @@ static void mov_fix_index(MOVContext *mov, AVStream *st)
>          return;
>      }
>      msc->current_index_range = msc->index_ranges;
> -    current_index_range = msc->index_ranges - 1;
>  
>      // Clean AVStream from traces of old index
>      sti->index_entries = NULL;
> @@ -4225,8 +4224,9 @@ static void mov_fix_index(MOVContext *mov, AVStream *st)
>              }
>  
>              // Update the index ranges array
> -            if (current_index_range < msc->index_ranges || index != current_index_range->end) {
> -                current_index_range++;
> +            if (!current_index_range || index != current_index_range->end) {
> +                current_index_range = current_index_range ? current_index_range + 1
> +                                                          : msc->index_ranges;
>                  current_index_range->start = index;
>              }
>              current_index_range->end = index + 1;
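Review bot: the operand order in `if (!current_index_range || index != current_index_range->end)` is load-bearing, because the NULL test must short-circuit before `->end` is read on the first entry; a one-line comment saying so would stop a later edit from swapping the two sides and turning the old UB into a NULL dereference. The advance-or-start expression `current_index_range ? current_index_range + 1 : msc->index_ranges` is also repeated verbatim in the null-termination hunk; a small static inline helper, or tracking the position as an index into msc->index_ranges instead of a pointer, would keep the two copies from drifting apart.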
> @@ -4289,7 +4289,8 @@ static void mov_fix_index(MOVContext *mov, AVStream *st)
>      av_freep(&frame_duration_buffer);
>  
>      // Null terminate the index ranges array
> -    current_index_range++;
> +    current_index_range = current_index_range ? current_index_range + 1
> +                                              : msc->index_ranges;
>      current_index_range->start = 0;
>      current_index_range->end = 0;
>      msc->current_index = msc->index_ranges[0].start;

Can't test if this fixes the UB, but the changes lgtm.
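Review bot: the `: msc->index_ranges` branch of the terminator assignment is only reachable when the loop never wrote a range, i.e. current_index_range is still NULL; the terminator then lands at index_ranges[0] and `msc->current_index = msc->index_ranges[0].start` reads 0, which is the same result the old `index_ranges - 1` followed by `++` produced. A comment stating that the empty case is intentional would help, since the ternary otherwise reads like defensive duplication of the loop-body logic. Nothing in this hunk checks that the terminator write still fits inside the allocation of msc->index_ranges; that is unchanged from the old code, but the fix relies on the array having been sized with that extra slot.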
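The pattern the patch removes, starting a cursor at `array - 1` so that a first `++` lands on element 0, is undefined behaviour in C because pointer arithmetic is only defined for addresses from the first element up to one past the end of the array. As an added example (not FFmpeg code and not part of this thread), the block below models the range-building loop from mov_fix_index in isolation: `build_ranges` uses the NULL-sentinel pointer the patch introduces, and `build_ranges_indexed` goes one step further than the patch by tracking a count instead of a pointer, so no sentinel value is needed at all. `Range`, the function names and the list of kept indices are all hypothetical, and the empty-input case (only the terminator is written, at slot 0) is exercised explicitly.

```c
/* Added example, not FFmpeg code: building a {0,0}-terminated array of
 * contiguous index ranges without ever forming a pointer before the array.
 * Range, range_add, build_ranges*, and the sample input are hypothetical. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

typedef struct Range {
    int start;  /* first index of the run */
    int end;    /* one past the last index of the run */
} Range;

/* Appends one index. 'last' points at the currently open range, or is NULL
 * before any range exists (the NULL sentinel the patch introduces). The old
 * idiom, initialising last to ranges - 1 and incrementing it, is undefined
 * behaviour: only pointers into the array or one past its end are valid. */
static Range *range_add(Range *ranges, Range *last, int index)
{
    /* The NULL test must come first: it guards the ->end dereference. */
    if (!last || index != last->end) {
        last = last ? last + 1 : ranges;   /* advance, or open ranges[0] */
        last->start = index;
    }
    last->end = index + 1;
    return last;
}

/* Pointer form. 'ranges' must hold nkept + 1 entries: in the worst case every
 * index opens its own range, plus the {0,0} terminator. Returns the count of
 * real ranges (the terminator is not counted). */
size_t build_ranges(const int *kept, size_t nkept, Range *ranges)
{
    Range *last = NULL;
    for (size_t i = 0; i < nkept; i++)
        last = range_add(ranges, last, kept[i]);
    last = last ? last + 1 : ranges;       /* terminator slot, same expression */
    last->start = last->end = 0;
    return (size_t)(last - ranges);
}

/* Index form: a count instead of a pointer, so "no range yet" is just n == 0
 * and there is no sentinel pointer value to get wrong. */
size_t build_ranges_indexed(const int *kept, size_t nkept, Range *ranges)
{
    size_t n = 0;
    for (size_t i = 0; i < nkept; i++) {
        if (n == 0 || kept[i] != ranges[n - 1].end) {
            ranges[n].start = kept[i];
            n++;
        }
        ranges[n - 1].end = kept[i] + 1;
    }
    ranges[n].start = ranges[n].end = 0;   /* terminator */
    return n;
}

/* Constructed sample: indices that survived an edit list, with gaps. */
static const int kept_sample[] = { 0, 1, 2, 5, 6, 9 };
#define KEPT_N (sizeof(kept_sample) / sizeof(kept_sample[0]))

Range demo_ranges[KEPT_N + 1];

/* Builds the sample with the pointer form into demo_ranges; returns 3. */
size_t demo_build(void)
{
    return build_ranges(kept_sample, KEPT_N, demo_ranges);
}

/* Returns 1 if both forms produce identical arrays for the sample and for the
 * empty input, where only the terminator is written, at ranges[0]. */
int demo_forms_agree(void)
{
    Range a[KEPT_N + 1], b[KEPT_N + 1], ea[1], eb[1];
    size_t na = build_ranges(kept_sample, KEPT_N, a);
    size_t nb = build_ranges_indexed(kept_sample, KEPT_N, b);
    size_t ne_a = build_ranges(NULL, 0, ea);
    size_t ne_b = build_ranges_indexed(NULL, 0, eb);
    return na == nb && memcmp(a, b, (na + 1) * sizeof(Range)) == 0 &&
           ne_a == 0 && ne_b == 0 &&
           ea[0].start == 0 && ea[0].end == 0 &&
           eb[0].start == 0 && eb[0].end == 0;
}

int main(void)
{
    size_t n = demo_build();
    for (size_t i = 0; i <= n; i++)   /* the last line printed is the terminator */
        printf("range %zu: [%d, %d)\n", i, demo_ranges[i].start, demo_ranges[i].end);
    printf("pointer and index forms agree: %d\n", demo_forms_agree());
    return 0;
}
```

For the sample input the output is three ranges, [0,3), [5,7) and [9,10), followed by the [0,0) terminator. Compiling with `-fsanitize=undefined` is a useful check here: the index form has no pointer arithmetic for the sanitizer to complain about, and the pointer form only ever computes `last + 1` from a pointer that is inside the array.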