Git Inbox Mirror of the ffmpeg-devel mailing list - see https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
From: Soft Works <softworkz@hotmail.com>
To: "ffmpegdev@gitmailbox.com" <ffmpegdev@gitmailbox.com>
Subject: RE: [PATCH 01/11] libavformat/asf: fix handling of byte array length values
Date: Wed, 22 Dec 2021 15:24:49 +0000
Message-ID: <DM8P223MB03653AF0A5D071AB06578B4ABA7D9@DM8P223MB0365.NAMP223.PROD.OUTLOOK.COM>
In-Reply-To: <55b554ce2316dc8953a16e17b6897abd96d996b2.1640183587.git.ffmpegagent@gmail.com>



> -----Original Message-----
> From: ffmpegagent <ffmpegagent@gmail.com>
> Sent: Wednesday, December 22, 2021 3:33 PM
> To: ffmpegdev@gitmailbox.com
> Cc: softworkz <softworkz@hotmail.com>; softworkz <softworkz@hotmail.com>
> Subject: [PATCH 01/11] libavformat/asf: fix handling of byte array length
> values
> 
> From: softworkz <softworkz@hotmail.com>
> 
> The spec allows attachment sizes of up to UINT32_MAX while
> we can handle only sizes up to INT32_MAX (in downstream
> code).
> 
> The debug.assert in get_tag didn't really address this,
> and truncating the value_len in calling methods cannot
> be used because the length value is required in order to
> continue parsing. This adds a check with log message in
> ff_asf_handle_byte_array to handle those (rare) cases.
> 
> Signed-off-by: softworkz <softworkz@hotmail.com>
> ---
>  libavformat/asf.c | 12 +++++++++---
>  libavformat/asf.h |  2 +-
>  2 files changed, 10 insertions(+), 4 deletions(-)
> 
> diff --git a/libavformat/asf.c b/libavformat/asf.c
> index 1ac8b5f078..179b66a2b4 100644
> --- a/libavformat/asf.c
> +++ b/libavformat/asf.c
> @@ -267,12 +267,18 @@ static int get_id3_tag(AVFormatContext *s, int len)
>  }
> 
>  int ff_asf_handle_byte_array(AVFormatContext *s, const char *name,
> -                             int val_len)
> +                             uint32_t val_len)
>  {
> +    if (val_len > INT32_MAX) {
> +        av_log(s, AV_LOG_VERBOSE, "Unable to handle byte arrays > INT32_MAX
> in tag %s.\n", name);
> +        return 1;
> +    }
> +

This is a comment!

Thanks

>      if (!strcmp(name, "WM/Picture")) // handle cover art
> -        return asf_read_picture(s, val_len);
> +        return asf_read_picture(s, (int)val_len);
>      else if (!strcmp(name, "ID3")) // handle ID3 tag
> -        return get_id3_tag(s, val_len);
> +        return get_id3_tag(s, (int)val_len);
> 
> +    av_log(s, AV_LOG_VERBOSE, "Unsupported byte array in tag %s.\n", name);
>      return 1;
>  }
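
Review bot: The guard added at the top of ff_asf_handle_byte_array tests `val_len > INT32_MAX`, while the two calls below cast to `int` (`(int)val_len`) and the hunk header shows get_id3_tag taking `int len`; comparing against INT_MAX would tie the check to the type the callees actually receive and make the casts visibly safe. The oversized case also returns 1, the same value as the unsupported-tag fall-through at the end of the function, so a caller cannot tell the two apart; since the commit message says the length is still required to continue parsing, it is worth confirming that each caller skips the full uint32_t length when it gets 1 back. The new "Unsupported byte array in tag" av_log on the fall-through path is not mentioned in the commit message and should be described there or split into its own patch.
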
> diff --git a/libavformat/asf.h b/libavformat/asf.h
> index 01cc4f7a46..4d28560f56 100644
> --- a/libavformat/asf.h
> +++ b/libavformat/asf.h
> @@ -111,7 +111,7 @@ extern const AVMetadataConv ff_asf_metadata_conv[];
>   *         is unsupported by this function and 0 otherwise.
>   */
>  int ff_asf_handle_byte_array(AVFormatContext *s, const char *name,
> -                             int val_len);
> +                             uint32_t val_len);
> 
> 
>  #define ASF_PACKET_FLAG_ERROR_CORRECTION_PRESENT 0x80 //1000 0000
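
Review bot: The doc comment above the prototype in asf.h is left unchanged and still only says the return value is 1 when the value "is unsupported by this function and 0 otherwise"; with the parameter now `uint32_t val_len`, it should also state that lengths above INT32_MAX are reported with that same return value before any data is read, so callers know they remain responsible for skipping the bytes. The visible context does not show whether asf.h already pulls in a definition of uint32_t, so that is worth checking for the header on its own.
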
> --
> gitgitgadget


