[FFmpeg-devel] [PATCH 1/2] avformat/mov: Non overflowing ambisonic order check

[FFmpeg-devel] [PATCH 1/2] avformat/mov: Non overflowing ambisonic order check

[Michael Niedermayer]

Fixes: signed integer overflow: 536870913 * 536870913 cannot be represented in type 'int'
Fixes: 45862/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-4730373768085504

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavformat/mov.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavformat/mov.c b/libavformat/mov.c
index 6c847de164..3619be68f4 100644
--- a/libavformat/mov.c
+++ b/libavformat/mov.c
@@ -7382,7 +7382,7 @@ static int mov_read_SA3D(MOVContext *c, AVIOContext *pb, MOVAtom atom)
     }
 
     channel_count = avio_rb32(pb);
-    if (channel_count != (ambisonic_order + 1) * (ambisonic_order + 1)) {
+    if (ambisonic_order < 0 || channel_count != (ambisonic_order + 1LL) * (ambisonic_order + 1LL)) {
         av_log(c->fc, AV_LOG_ERROR,
                "Invalid number of channels (%d / %d)\n",
                channel_count, ambisonic_order);
-- 
2.17.1

_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".

[FFmpeg-devel] [PATCH 2/2] avformat: Do not search through the AVOption table for a option not in it repeatedly on each packet

[Michael Niedermayer]

This search takes alot of time especially when compared with small packets

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavformat/demux.c    | 15 +++++++++------
 libavformat/internal.h |  5 +++++
 2 files changed, 14 insertions(+), 6 deletions(-)

diff --git a/libavformat/demux.c b/libavformat/demux.c
index ac1f16edcd..ef189d9d8e 100644
--- a/libavformat/demux.c
+++ b/libavformat/demux.c
@@ -1407,12 +1407,15 @@ FF_ENABLE_DEPRECATION_WARNINGS
         }
     }
 
-    av_opt_get_dict_val(s, "metadata", AV_OPT_SEARCH_CHILDREN, &metadata);
-    if (metadata) {
-        s->event_flags |= AVFMT_EVENT_FLAG_METADATA_UPDATED;
-        av_dict_copy(&s->metadata, metadata, 0);
-        av_dict_free(&metadata);
-        av_opt_set_dict_val(s, "metadata", NULL, AV_OPT_SEARCH_CHILDREN);
+    if (!si->metafree) {
+        int metaret = av_opt_get_dict_val(s, "metadata", AV_OPT_SEARCH_CHILDREN, &metadata);
+        if (metadata) {
+            s->event_flags |= AVFMT_EVENT_FLAG_METADATA_UPDATED;
+            av_dict_copy(&s->metadata, metadata, 0);
+            av_dict_free(&metadata);
+            av_opt_set_dict_val(s, "metadata", NULL, AV_OPT_SEARCH_CHILDREN);
+        }
+        si->metafree = metaret == AVERROR_OPTION_NOT_FOUND;
     }
 
     if (s->debug & FF_FDEBUG_TS)
diff --git a/libavformat/internal.h b/libavformat/internal.h
index 342e6f7327..3ad76d992c 100644
--- a/libavformat/internal.h
+++ b/libavformat/internal.h
@@ -183,6 +183,11 @@ typedef struct FFFormatContext {
      * Set if chapter ids are strictly monotonic.
      */
     int chapter_ids_monotonic;
+
+    /**
+     * Contexts and child contexts do not contain a metadata option
+     */
+    int metafree;
 } FFFormatContext;
 
 static av_always_inline FFFormatContext *ffformatcontext(AVFormatContext *s)
-- 
2.17.1

_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".

Re: [FFmpeg-devel] [PATCH 2/2] avformat: Do not search through the AVOption table for a option not in it repeatedly on each packet

[Michael Niedermayer]

[-- Attachment #1.1: Type: text/plain, Size: 999 bytes --]

On Sat, Mar 26, 2022 at 12:06:50AM +0100, Michael Niedermayer wrote:
> This search takes alot of time especially when compared with small packets
> 
> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> ---
>  libavformat/demux.c    | 15 +++++++++------
>  libavformat/internal.h |  5 +++++
>  2 files changed, 14 insertions(+), 6 deletions(-)

with amr-nb in 3gp this changes 
./ffmpeg -i matrixbench_mpeg2.mpg -ar 8000 -ac 1 -acodec amr_nb -ab 4.75k -vn test.3gp
./ffmpeg -i test.3gp -f null -

46631 decicycles in read_frame_internal,    8191 runs,      1 skips
to
15719 decicycles in read_frame_internal,    8188 runs,      4 skips

[...]
-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

The real ebay dictionary, page 1
"Used only once"    - "Some unspecified defect prevented a second use"
"In good condition" - "Can be repaird by experienced expert"
"As is" - "You wouldnt want it even if you were payed for it, if you knew ..."

[-- Attachment #1.2: signature.asc --]
[-- Type: application/pgp-signature, Size: 195 bytes --]

[-- Attachment #2: Type: text/plain, Size: 251 bytes --]

_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".

Re: [FFmpeg-devel] [PATCH 2/2] avformat: Do not search through the AVOption table for a option not in it repeatedly on each packet

[Paul B Mahol]

probably fine
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".

Re: [FFmpeg-devel] [PATCH 2/2] avformat: Do not search through the AVOption table for a option not in it repeatedly on each packet

[Michael Niedermayer]

[-- Attachment #1.1: Type: text/plain, Size: 353 bytes --]

On Sat, Mar 26, 2022 at 03:25:09PM +0100, Paul B Mahol wrote:
> probably fine

will apply

thx

[...]
-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

In fact, the RIAA has been known to suggest that students drop out
of college or go to community college in order to be able to afford
settlements. -- The RIAA

[-- Attachment #1.2: signature.asc --]
[-- Type: application/pgp-signature, Size: 195 bytes --]

[-- Attachment #2: Type: text/plain, Size: 251 bytes --]

_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".

Re: [FFmpeg-devel] [PATCH 1/2] avformat/mov: Non overflowing ambisonic order check

[Michael Niedermayer]

[-- Attachment #1.1: Type: text/plain, Size: 731 bytes --]

On Sat, Mar 26, 2022 at 12:06:49AM +0100, Michael Niedermayer wrote:
> Fixes: signed integer overflow: 536870913 * 536870913 cannot be represented in type 'int'
> Fixes: 45862/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-4730373768085504
> 
> Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> ---
>  libavformat/mov.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)

will apply

[...]
-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

Good people do not need laws to tell them to act responsibly, while bad
people will find a way around the laws. -- Plato

[-- Attachment #1.2: signature.asc --]
[-- Type: application/pgp-signature, Size: 195 bytes --]

[-- Attachment #2: Type: text/plain, Size: 251 bytes --]

_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".