* [FFmpeg-devel] [PATCH 1/5] avformat/wtvdec: Don't truncate GUIDs
@ 2023-09-12 12:27 Andreas Rheinhardt
2023-09-12 12:34 ` [FFmpeg-devel] [PATCH 2/5] avformat/wtvdec: Skip too big tags Andreas Rheinhardt
` (4 more replies)
0 siblings, 5 replies; 6+ messages in thread
From: Andreas Rheinhardt @ 2023-09-12 12:27 UTC (permalink / raw)
To: ffmpeg-devel; +Cc: Andreas Rheinhardt
Each of the 16 bytes of a GUID is written as a two-character
hex value and three hyphens, leading to a length of 35.
GCC 13 emits a -Wformat-truncation= warning because of this.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
---
Is there actually a reason this is using a different format than
the one used by lavu/uuid.h?
libavformat/wtvdec.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libavformat/wtvdec.c b/libavformat/wtvdec.c
index b29ea7a923..1103f5ba03 100644
--- a/libavformat/wtvdec.c
+++ b/libavformat/wtvdec.c
@@ -43,7 +43,7 @@
"%08"PRIx32"-%04"PRIx16"-%04"PRIx16"-%02x%02x%02x%02x%02x%02x%02x%02x"
#define ARG_PRETTY_GUID(g) \
AV_RL32(g),AV_RL16(g+4),AV_RL16(g+6),g[8],g[9],g[10],g[11],g[12],g[13],g[14],g[15]
-#define LEN_PRETTY_GUID 34
+#define LEN_PRETTY_GUID 35
/*
* File system routines
--
2.34.1
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".
^ permalink raw reply [flat|nested] 6+ messages in thread* [FFmpeg-devel] [PATCH 2/5] avformat/wtvdec: Skip too big tags 2023-09-12 12:27 [FFmpeg-devel] [PATCH 1/5] avformat/wtvdec: Don't truncate GUIDs Andreas Rheinhardt @ 2023-09-12 12:34 ` Andreas Rheinhardt 2023-09-12 12:34 ` [FFmpeg-devel] [PATCH 3/5] avformat/wtvdec: Fix signed integer overflow Andreas Rheinhardt ` (3 subsequent siblings) 4 siblings, 0 replies; 6+ messages in thread From: Andreas Rheinhardt @ 2023-09-12 12:34 UTC (permalink / raw) To: ffmpeg-devel; +Cc: Andreas Rheinhardt get_tag() is not designed with negative length in mind; in this case, it will allocate a very small buffer (LEN_PRETTY_GUID + 1) and might call avio_get_str16le() with a negative maxlen (which relies on these parameters to be signed). Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com> --- libavformat/wtvdec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavformat/wtvdec.c b/libavformat/wtvdec.c index 1103f5ba03..2de6dc2103 100644 --- a/libavformat/wtvdec.c +++ b/libavformat/wtvdec.c @@ -539,7 +539,7 @@ static void parse_legacy_attrib(AVFormatContext *s, AVIOContext *pb) ff_get_guid(pb, &guid); type = avio_rl32(pb); length = avio_rl32(pb); - if (!length) + if (length <= 0) break; if (ff_guidcmp(&guid, ff_metadata_guid)) { av_log(s, AV_LOG_WARNING, "unknown guid "FF_PRI_GUID", expected metadata_guid; " -- 2.34.1 _______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe". ^ permalink raw reply [flat|nested] 6+ messages in thread
* [FFmpeg-devel] [PATCH 3/5] avformat/wtvdec: Fix signed integer overflow 2023-09-12 12:27 [FFmpeg-devel] [PATCH 1/5] avformat/wtvdec: Don't truncate GUIDs Andreas Rheinhardt 2023-09-12 12:34 ` [FFmpeg-devel] [PATCH 2/5] avformat/wtvdec: Skip too big tags Andreas Rheinhardt @ 2023-09-12 12:34 ` Andreas Rheinhardt 2023-09-12 12:34 ` [FFmpeg-devel] [PATCH 4/5] avformat/wtvdec: Use smaller upper bound for buffer Andreas Rheinhardt ` (2 subsequent siblings) 4 siblings, 0 replies; 6+ messages in thread From: Andreas Rheinhardt @ 2023-09-12 12:34 UTC (permalink / raw) To: ffmpeg-devel; +Cc: Andreas Rheinhardt Happens when length > INT_MAX / 2; use unsigned for the computation, but restrict the value to INT_MAX, because avio_get_str16le() accepts an int as buf_len argument. Notice that it can happen that the string read by avio_get_str16le() is truncated in this case. Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com> --- libavformat/wtvdec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavformat/wtvdec.c b/libavformat/wtvdec.c index 2de6dc2103..4ce4b6403e 100644 --- a/libavformat/wtvdec.c +++ b/libavformat/wtvdec.c @@ -468,7 +468,7 @@ static void get_tag(AVFormatContext *s, AVIOContext *pb, const char *key, int ty return; } - buf_size = FFMAX(2*length, LEN_PRETTY_GUID) + 1; + buf_size = FFMIN(FFMAX(2U * length, LEN_PRETTY_GUID) + 1, INT_MAX); buf = av_malloc(buf_size); if (!buf) return; -- 2.34.1 _______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe". ^ permalink raw reply [flat|nested] 6+ messages in thread
* [FFmpeg-devel] [PATCH 4/5] avformat/wtvdec: Use smaller upper bound for buffer 2023-09-12 12:27 [FFmpeg-devel] [PATCH 1/5] avformat/wtvdec: Don't truncate GUIDs Andreas Rheinhardt 2023-09-12 12:34 ` [FFmpeg-devel] [PATCH 2/5] avformat/wtvdec: Skip too big tags Andreas Rheinhardt 2023-09-12 12:34 ` [FFmpeg-devel] [PATCH 3/5] avformat/wtvdec: Fix signed integer overflow Andreas Rheinhardt @ 2023-09-12 12:34 ` Andreas Rheinhardt 2023-09-12 12:34 ` [FFmpeg-devel] [PATCH 5/5] avformat/wtvdec: Avoid unnecessary allocations Andreas Rheinhardt 2023-09-12 21:28 ` [FFmpeg-devel] [PATCH 1/5] avformat/wtvdec: Don't truncate GUIDs Peter Ross 4 siblings, 0 replies; 6+ messages in thread From: Andreas Rheinhardt @ 2023-09-12 12:34 UTC (permalink / raw) To: ffmpeg-devel; +Cc: Andreas Rheinhardt Every code point in the BMP is representable with at most three bytes in UTF-8 and every code point not in the BMP takes four bytes. For each of the latter, the encoding of UTF-16 takes as many bytes; for each of the former, it takes at most 3/2 as many. Therefore one can decrease the size of the buffer allocated here. Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com> --- libavformat/wtvdec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavformat/wtvdec.c b/libavformat/wtvdec.c index 4ce4b6403e..9fe00590c8 100644 --- a/libavformat/wtvdec.c +++ b/libavformat/wtvdec.c @@ -468,7 +468,7 @@ static void get_tag(AVFormatContext *s, AVIOContext *pb, const char *key, int ty return; } - buf_size = FFMIN(FFMAX(2U * length, LEN_PRETTY_GUID) + 1, INT_MAX); + buf_size = FFMIN(FFMAX(length + length / 2U, LEN_PRETTY_GUID) + 1, INT_MAX); buf = av_malloc(buf_size); if (!buf) return; -- 2.34.1 _______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe". ^ permalink raw reply [flat|nested] 6+ messages in thread
* [FFmpeg-devel] [PATCH 5/5] avformat/wtvdec: Avoid unnecessary allocations 2023-09-12 12:27 [FFmpeg-devel] [PATCH 1/5] avformat/wtvdec: Don't truncate GUIDs Andreas Rheinhardt ` (2 preceding siblings ...) 2023-09-12 12:34 ` [FFmpeg-devel] [PATCH 4/5] avformat/wtvdec: Use smaller upper bound for buffer Andreas Rheinhardt @ 2023-09-12 12:34 ` Andreas Rheinhardt 2023-09-12 21:28 ` [FFmpeg-devel] [PATCH 1/5] avformat/wtvdec: Don't truncate GUIDs Peter Ross 4 siblings, 0 replies; 6+ messages in thread From: Andreas Rheinhardt @ 2023-09-12 12:34 UTC (permalink / raw) To: ffmpeg-devel; +Cc: Andreas Rheinhardt Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com> --- libavformat/wtvdec.c | 47 ++++++++++++++++++-------------------------- 1 file changed, 19 insertions(+), 28 deletions(-) diff --git a/libavformat/wtvdec.c b/libavformat/wtvdec.c index 9fe00590c8..e70470f79b 100644 --- a/libavformat/wtvdec.c +++ b/libavformat/wtvdec.c @@ -460,71 +460,62 @@ done: static void get_tag(AVFormatContext *s, AVIOContext *pb, const char *key, int type, int length) { - int buf_size; - char *buf; + char buf[LEN_PRETTY_GUID + 1], *bufp = buf; + unsigned dict_flags = 0; if (!strcmp(key, "WM/MediaThumbType")) { avio_skip(pb, length); return; } - buf_size = FFMIN(FFMAX(length + length / 2U, LEN_PRETTY_GUID) + 1, INT_MAX); - buf = av_malloc(buf_size); - if (!buf) - return; - if (type == 0 && length == 4) { - snprintf(buf, buf_size, "%u", avio_rl32(pb)); + snprintf(buf, sizeof(buf), "%u", avio_rl32(pb)); } else if (type == 1) { - avio_get_str16le(pb, length, buf, buf_size); - if (!strlen(buf)) { - av_free(buf); + int buflen = FFMIN(length + length / 2U + 1, INT_MAX); + bufp = av_malloc(buflen); + if (!bufp) + return; + avio_get_str16le(pb, length, bufp, buflen); + if (!*bufp) { + av_free(bufp); return; } + dict_flags = AV_DICT_DONT_STRDUP_VAL; } else if (type == 3 && length == 4) { strcpy(buf, avio_rl32(pb) ? "true" : "false"); } else if (type == 4 && length == 8) { int64_t num = avio_rl64(pb); if (!strcmp(key, "WM/EncodingTime") || !strcmp(key, "WM/MediaOriginalBroadcastDateTime")) { - if (filetime_to_iso8601(buf, buf_size, num) < 0) { - av_free(buf); + if (filetime_to_iso8601(buf, sizeof(buf), num) < 0) return; - } } else if (!strcmp(key, "WM/WMRVEncodeTime") || !strcmp(key, "WM/WMRVEndTime")) { - if (crazytime_to_iso8601(buf, buf_size, num) < 0) { - av_free(buf); + if (crazytime_to_iso8601(buf, sizeof(buf), num) < 0) return; - } } else if (!strcmp(key, "WM/WMRVExpirationDate")) { - if (oledate_to_iso8601(buf, buf_size, num) < 0 ) { - av_free(buf); + if (oledate_to_iso8601(buf, sizeof(buf), num) < 0) return; - } } else if (!strcmp(key, "WM/WMRVBitrate")) - snprintf(buf, buf_size, "%f", av_int2double(num)); + snprintf(buf, sizeof(buf), "%f", av_int2double(num)); else - snprintf(buf, buf_size, "%"PRIi64, num); + snprintf(buf, sizeof(buf), "%"PRIi64, num); } else if (type == 5 && length == 2) { - snprintf(buf, buf_size, "%u", avio_rl16(pb)); + snprintf(buf, sizeof(buf), "%u", avio_rl16(pb)); } else if (type == 6 && length == 16) { ff_asf_guid guid; avio_read(pb, guid, 16); - snprintf(buf, buf_size, PRI_PRETTY_GUID, ARG_PRETTY_GUID(guid)); + snprintf(buf, sizeof(buf), PRI_PRETTY_GUID, ARG_PRETTY_GUID(guid)); } else if (type == 2 && !strcmp(key, "WM/Picture")) { get_attachment(s, pb, length); - av_freep(&buf); return; } else { - av_freep(&buf); av_log(s, AV_LOG_WARNING, "unsupported metadata entry; key:%s, type:%d, length:0x%x\n", key, type, length); avio_skip(pb, length); return; } - av_dict_set(&s->metadata, key, buf, 0); - av_freep(&buf); + av_dict_set(&s->metadata, key, bufp, dict_flags); } /** -- 2.34.1 _______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe". ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [FFmpeg-devel] [PATCH 1/5] avformat/wtvdec: Don't truncate GUIDs 2023-09-12 12:27 [FFmpeg-devel] [PATCH 1/5] avformat/wtvdec: Don't truncate GUIDs Andreas Rheinhardt ` (3 preceding siblings ...) 2023-09-12 12:34 ` [FFmpeg-devel] [PATCH 5/5] avformat/wtvdec: Avoid unnecessary allocations Andreas Rheinhardt @ 2023-09-12 21:28 ` Peter Ross 4 siblings, 0 replies; 6+ messages in thread From: Peter Ross @ 2023-09-12 21:28 UTC (permalink / raw) To: FFmpeg development discussions and patches [-- Attachment #1.1: Type: text/plain, Size: 576 bytes --] On Tue, Sep 12, 2023 at 02:27:17PM +0200, Andreas Rheinhardt wrote: > Each of the 16 bytes of a GUID is written as a two-character > hex value and three hyphens, leading to a length of 35. > GCC 13 emits a -Wformat-truncation= warning because of this. > > Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com> > --- > Is there actually a reason this is using a different format than > the one used by lavu/uuid.h? i don't think so. wtvdec predates lavu/uuid.h. patchset looks good. -- Peter (A907 E02F A6E5 0CD2 34CD 20D2 6760 79C5 AC40 DD6B) [-- Attachment #1.2: signature.asc --] [-- Type: application/pgp-signature, Size: 195 bytes --] [-- Attachment #2: Type: text/plain, Size: 251 bytes --] _______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe". ^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2023-09-12 21:28 UTC | newest] Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- 2023-09-12 12:27 [FFmpeg-devel] [PATCH 1/5] avformat/wtvdec: Don't truncate GUIDs Andreas Rheinhardt 2023-09-12 12:34 ` [FFmpeg-devel] [PATCH 2/5] avformat/wtvdec: Skip too big tags Andreas Rheinhardt 2023-09-12 12:34 ` [FFmpeg-devel] [PATCH 3/5] avformat/wtvdec: Fix signed integer overflow Andreas Rheinhardt 2023-09-12 12:34 ` [FFmpeg-devel] [PATCH 4/5] avformat/wtvdec: Use smaller upper bound for buffer Andreas Rheinhardt 2023-09-12 12:34 ` [FFmpeg-devel] [PATCH 5/5] avformat/wtvdec: Avoid unnecessary allocations Andreas Rheinhardt 2023-09-12 21:28 ` [FFmpeg-devel] [PATCH 1/5] avformat/wtvdec: Don't truncate GUIDs Peter Ross
Git Inbox Mirror of the ffmpeg-devel mailing list - see https://ffmpeg.org/mailman/listinfo/ffmpeg-devel This inbox may be cloned and mirrored by anyone: git clone --mirror https://master.gitmailbox.com/ffmpegdev/0 ffmpegdev/git/0.git # If you have public-inbox 1.1+ installed, you may # initialize and index your mirror using the following commands: public-inbox-init -V2 ffmpegdev ffmpegdev/ https://master.gitmailbox.com/ffmpegdev \ ffmpegdev@gitmailbox.com public-inbox-index ffmpegdev Example config snippet for mirrors. AGPL code for this site: git clone https://public-inbox.org/public-inbox.git