From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <ffmpeg-devel-bounces@ffmpeg.org>
Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org [79.124.17.100])
	by master.gitmailbox.com (Postfix) with ESMTP id C91D245DCB
	for <ffmpegdev@gitmailbox.com>; Mon, 12 Jun 2023 12:07:43 +0000 (UTC)
Received: from [127.0.1.1] (localhost [127.0.0.1])
	by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id C38CD68C3B7;
	Mon, 12 Jun 2023 15:07:40 +0300 (EEST)
Received: from mail-lj1-f178.google.com (mail-lj1-f178.google.com
 [209.85.208.178])
 by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id 2C59868BF58
 for <ffmpeg-devel@ffmpeg.org>; Mon, 12 Jun 2023 15:07:34 +0300 (EEST)
Received: by mail-lj1-f178.google.com with SMTP id
 38308e7fff4ca-2b1a4250b07so50188471fa.3
 for <ffmpeg-devel@ffmpeg.org>; Mon, 12 Jun 2023 05:07:34 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=gmail.com; s=20221208; t=1686571653; x=1689163653;
 h=to:in-reply-to:references:message-id:date:subject:mime-version:from
 :content-transfer-encoding:from:to:cc:subject:date:message-id
 :reply-to; bh=ehVmvI2CSa6abTxiKwxURYBE4oSv+uwgDnZMYRgfEVM=;
 b=iY8Tvc/ktTs9n7f7fLvYW+05KVzx310hC5eZxZjbalv7cR+RXt6/SdrhPJWxVSd0NS
 dRfgcYedq7CbmysnKVgl+NMFnGPVcjHuWF9kLrvbSIUHMST6/dxuM3JIbbcD4SS69bgP
 GkTsR1BJ86qedMQX4aOeJuabMdBXTjsUnaA35sGn4FWIWRnP7vZOzKg5Xj9SUeGWrn7m
 ZcR3GuNEcKacg8M6fnZ7Hq0AawEEvYXnp5zsuaEoOLvv6c/13Zu4J2u0s/FMxPzTOIW3
 pe0VpDV+zrDyMkd/9iH5YwxhRj0ONe34JIslNDokl8J+Et52eG1k1j7kAOlx5wZcHZOg
 XuLw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20221208; t=1686571653; x=1689163653;
 h=to:in-reply-to:references:message-id:date:subject:mime-version:from
 :content-transfer-encoding:x-gm-message-state:from:to:cc:subject
 :date:message-id:reply-to;
 bh=ehVmvI2CSa6abTxiKwxURYBE4oSv+uwgDnZMYRgfEVM=;
 b=djjyM5piJ+epSMEKCUJA9igyMQ5ml7BCB6j0inHQTLSFI+11/KTCKH6iOGAxbrZyFQ
 yWI9cfXkc4skRCY1Uwpo8wtRhJ13RfFRyojYkOA1/1umazk5whufDvuvGu7SBnrwBBMq
 2enxoe83IFGyuBOhEqwAVev9MH+sYz00pMNbREt2FsHIpaIhQxkX9O4agmqAsSbhpzpx
 Vc8vnNP6z9fO6nUgMM3CsthygSBK1zvXE0FaOdgzHwM8wFgFVCY7esDAzrwMyAKXVW3n
 /LGXk/YhbIZTFiTnMVpx+ByA4FR1M8H1CrgJWWAzfH/zSFy0TWjHDGwQfsu01pjZvZB8
 Gvfg==
X-Gm-Message-State: AC+VfDwC8CDk96kNYC5/u7D0zDHSeE/kyfhEANcG0vbTkRo1ZzUpazhd
 BHphe5SJ+WRKxJPlE3YiWNuz9IsH9JM07g==
X-Google-Smtp-Source: ACHHUZ7AjEA/JsH13E7uQvcUEdfLVuMe7mnEDiawlXNd/md+kn6vHxeQjLVqYQK9DwEYLve0P3s0gQ==
X-Received: by 2002:a2e:9b4d:0:b0:2b1:bc73:6fa with SMTP id
 o13-20020a2e9b4d000000b002b1bc7306famr2974624ljj.21.1686571653057; 
 Mon, 12 Jun 2023 05:07:33 -0700 (PDT)
Received: from smtpclient.apple ([213.235.133.41])
 by smtp.gmail.com with ESMTPSA id
 k23-20020a17090627d700b009787b13d1ddsm5144364ejc.51.2023.06.12.05.07.25
 for <ffmpeg-devel@ffmpeg.org>
 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128);
 Mon, 12 Jun 2023 05:07:32 -0700 (PDT)
From: "Marvin Scholz (ePirat)" <epirat07@gmail.com>
Mime-Version: 1.0 (1.0)
Date: Mon, 12 Jun 2023 14:06:52 +0200
Message-Id: <F2EA1CE8-6EE6-4B62-9BAF-2743F752CFBE@gmail.com>
References: <tencent_7F1ACDB7CFEDD559A72DB8AB1642CD162007@qq.com>
In-Reply-To: <tencent_7F1ACDB7CFEDD559A72DB8AB1642CD162007@qq.com>
To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
X-Mailer: iPhone Mail (20F66)
Subject: Re: [FFmpeg-devel] [PATCH] avformat/mov: fix overallocation when
 reading pssh/saiz
X-BeenThere: ffmpeg-devel@ffmpeg.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: FFmpeg development discussions and patches <ffmpeg-devel.ffmpeg.org>
List-Unsubscribe: <https://ffmpeg.org/mailman/options/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=unsubscribe>
List-Archive: <https://ffmpeg.org/pipermail/ffmpeg-devel>
List-Post: <mailto:ffmpeg-devel@ffmpeg.org>
List-Help: <mailto:ffmpeg-devel-request@ffmpeg.org?subject=help>
List-Subscribe: <https://ffmpeg.org/mailman/listinfo/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=subscribe>
Reply-To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
Errors-To: ffmpeg-devel-bounces@ffmpeg.org
Sender: "ffmpeg-devel" <ffmpeg-devel-bounces@ffmpeg.org>
Archived-At: <https://master.gitmailbox.com/ffmpegdev/F2EA1CE8-6EE6-4B62-9BAF-2743F752CFBE@gmail.com/>
List-Archive: <https://master.gitmailbox.com/ffmpegdev/>
List-Post: <mailto:ffmpegdev@gitmailbox.com>

SGksCgo+IE9uIDEyLiBKdW4gMjAyMywgYXQgMTM6NTYsIFpoYW8gWmhpbGkgPHF1aW5rYmxhY2tA
Zm94bWFpbC5jb20+IHdyb3RlOgo+IAo+IO+7v0Zyb206IFpoYW8gWmhpbGkgPHpoaWxpemhhb0B0
ZW5jZW50LmNvbT4KPiAKPiBtb3ZfdHJ5X3JlYWRfYmxvY2soKSBhbGxvY2F0ZXMgMU1CIGF0IGxl
YXN0LCB3aGljaCBjYW4gYmUgbW9yZSB0aGFuCj4gZW5vdWdoLiBJdCB3YXMgY2FsbGVkIHdoZW4g
cmVhZGluZyBzYWl6IGJveCwgd2hpY2ggY2FuIGFwcGVhcgo+IHBlcmlvZGljYWxseSBpbnNpZGUg
Zm1wNC4gVGhpcyBjb25zdW1lcyBhIGxvdCBvZiBtZW1vcnkuCj4gCj4gV2UgY2FuIGZpeCBtb3Zf
dHJ5X3JlYWRfYmxvY2soKSBieSBjbGFtcCAnYmxvY2tfc2l6ZScgd2l0aCAnc2l6ZScuCj4gSG93
ZXZlciwgdGhlIGZ1bmN0aW9uIGlzIGhhcm1mdWwgdGhhbiBoZWxwZnVsLiBJdCBhdm9pZHMgYWxs
b2NhdGluZwo+IGxhcmdlIG1lbW9yeSB3aGVuIHRoZSByZWFsIGRhdGEgaXMgc21hbGwuIEV2ZW4g
aW4gdGhhdCBjYXNlLCBpZgo+IGFsbG9jYXRpbmcgbGFyZ2UgbWVtb3J5IGRpcmVjdGx5IGZhaWxl
ZCwgaXQncyBmaW5lIHRvIHJldHVybiBFTk9NRU07Cj4gaWYgYWxsb2NhdGluZyBzdWNjZXNzIGFu
ZCByZWFkaW5nIGRvZXNuJ3QgbWF0Y2ggdGhlIGdpdmVuIHNpemUsIGl0J3MKPiBmaW5lIHRvIGZy
ZWUgYW5kIHJldHVybiBBVkVSUk9SX0lOVkFMSUREQVRBLiBJbiBvdGhlciBjYXNlcywgaXQncyBh
Cj4gd2FzdGUgb2YgQ1BVIGFuZCBtZW1vcnkuCj4gCj4gU28gSSBkZWNpZGVkIHRvIHJlbW92ZSB0
aGUgZnVuY3Rpb24sIGFuZCByZXBsYWNlIGl0IGJ5IGNhbGwKPiBhdl9tYWxsb2MoKSBhbmQgYXZp
b19yZWFkKCkgZGlyZWN0bHkuCj4gCj4gbW92X3JlYWRfc2FpeigpIGFuZCBtb3ZfcmVhZF9wc3No
KCkgbmVlZCBtb3JlIGNoZWNrLCBidXQgdGhleSBkb24ndAo+IGJlbG9uZyB0byB0aGlzIHBhdGNo
Lgo+IAo+IEZpeGVzICM3NjQxIGFuZCAjOTI0My4KPiAKPiBTaWduZWQtb2ZmLWJ5OiBaaGFvIFpo
aWxpIDx6aGlsaXpoYW9AdGVuY2VudC5jb20+Cj4gLS0tCj4gbGliYXZmb3JtYXQvbW92LmMgfCA2
MyArKysrKysrKysrKysrKysrKysrLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQo+IDEgZmls
ZSBjaGFuZ2VkLCAyNSBpbnNlcnRpb25zKCspLCAzOCBkZWxldGlvbnMoLSkKPiAKPiBkaWZmIC0t
Z2l0IGEvbGliYXZmb3JtYXQvbW92LmMgYi9saWJhdmZvcm1hdC9tb3YuYwo+IGluZGV4IGE4ZDAw
NGUwMmIuLjNkMDk2OTU0NWEgMTAwNjQ0Cj4gLS0tIGEvbGliYXZmb3JtYXQvbW92LmMKPiArKysg
Yi9saWJhdmZvcm1hdC9tb3YuYwo+IEBAIC02NjQ5LDM4ICs2NjQ5LDYgQEAgZmluaXNoOgo+ICAg
ICByZXR1cm4gcmV0Owo+IH0KPiAKPiAtLyoqCj4gLSAqIFRyaWVzIHRvIHJlYWQgdGhlIGdpdmVu
IG51bWJlciBvZiBieXRlcyBmcm9tIHRoZSBzdHJlYW0gYW5kIHB1dHMgaXQgaW4gYQo+IC0gKiBu
ZXdseSBhbGxvY2F0ZWQgYnVmZmVyLiAgVGhpcyByZWFkcyBpbiBzbWFsbCBjaHVua3MgdG8gYXZv
aWQgYWxsb2NhdGluZyBsYXJnZQo+IC0gKiBtZW1vcnkgaWYgdGhlIGZpbGUgY29udGFpbnMgYW4g
aW52YWxpZC9tYWxpY2lvdXMgc2l6ZSB2YWx1ZS4KCkkgZmFpbCB0byBzZWUgaG93IHlvdXIgcmVw
bGFjZW1lbnQgY29kZSBhZGRyZXNzZXMgdGhlIG1hbGljaW91cyBzaXplIHZhbHVlIGNhc2UgdGhh
dCB0aGlzIGZ1bmN0aW9uIG1pdGlnYXRlZCwgc2VlIGluIG1vcmUgZGV0YWlsIHdoYXQgSSBtZWFu
IGJlbG934oCmCgo+IC0gKi8KPiAtc3RhdGljIGludCBtb3ZfdHJ5X3JlYWRfYmxvY2soQVZJT0Nv
bnRleHQgKnBiLCBzaXplX3Qgc2l6ZSwgdWludDhfdCAqKmRhdGEpCj4gLXsKPiAtICAgIGNvbnN0
IHVuc2lnbmVkIGludCBibG9ja19zaXplID0gMTAyNCAqIDEwMjQ7Cj4gLSAgICB1aW50OF90ICpi
dWZmZXIgPSBOVUxMOwo+IC0gICAgdW5zaWduZWQgaW50IGFsbG9jX3NpemUgPSAwLCBvZmZzZXQg
PSAwOwo+IC0gICAgd2hpbGUgKG9mZnNldCA8IHNpemUpIHsKPiAtICAgICAgICB1bnNpZ25lZCBp
bnQgbmV3X3NpemUgPQo+IC0gICAgICAgICAgICBhbGxvY19zaXplID49IElOVF9NQVggLSBibG9j
a19zaXplID8gSU5UX01BWCA6IGFsbG9jX3NpemUgKyBibG9ja19zaXplOwo+IC0gICAgICAgIHVp
bnQ4X3QgKm5ld19idWZmZXIgPSBhdl9mYXN0X3JlYWxsb2MoYnVmZmVyLCAmYWxsb2Nfc2l6ZSwg
bmV3X3NpemUpOwo+IC0gICAgICAgIHVuc2lnbmVkIGludCB0b19yZWFkID0gRkZNSU4oc2l6ZSwg
YWxsb2Nfc2l6ZSkgLSBvZmZzZXQ7Cj4gLSAgICAgICAgaWYgKCFuZXdfYnVmZmVyKSB7Cj4gLSAg
ICAgICAgICAgIGF2X2ZyZWUoYnVmZmVyKTsKPiAtICAgICAgICAgICAgcmV0dXJuIEFWRVJST1Io
RU5PTUVNKTsKPiAtICAgICAgICB9Cj4gLSAgICAgICAgYnVmZmVyID0gbmV3X2J1ZmZlcjsKPiAt
Cj4gLSAgICAgICAgaWYgKGF2aW9fcmVhZChwYiwgYnVmZmVyICsgb2Zmc2V0LCB0b19yZWFkKSAh
PSB0b19yZWFkKSB7Cj4gLSAgICAgICAgICAgIGF2X2ZyZWUoYnVmZmVyKTsKPiAtICAgICAgICAg
ICAgcmV0dXJuIEFWRVJST1JfSU5WQUxJRERBVEE7Cj4gLSAgICAgICAgfQo+IC0gICAgICAgIG9m
ZnNldCArPSB0b19yZWFkOwo+IC0gICAgfQo+IC0KPiAtICAgICpkYXRhID0gYnVmZmVyOwo+IC0g
ICAgcmV0dXJuIDA7Cj4gLX0KPiAtCj4gc3RhdGljIGludCBtb3ZfcmVhZF9zYWl6KE1PVkNvbnRl
eHQgKmMsIEFWSU9Db250ZXh0ICpwYiwgTU9WQXRvbSBhdG9tKQo+IHsKPiAgICAgTU9WRW5jcnlw
dGlvbkluZGV4ICplbmNyeXB0aW9uX2luZGV4Owo+IEBAIC02NzM2LDE1ICs2NzA0LDI0IEBAIHN0
YXRpYyBpbnQgbW92X3JlYWRfc2FpeihNT1ZDb250ZXh0ICpjLCBBVklPQ29udGV4dCAqcGIsIE1P
VkF0b20gYXRvbSkKPiAKPiAgICAgZW5jcnlwdGlvbl9pbmRleC0+YXV4aWxpYXJ5X2luZm9fZGVm
YXVsdF9zaXplID0gYXZpb19yOChwYik7Cj4gICAgIHNhbXBsZV9jb3VudCA9IGF2aW9fcmIzMihw
Yik7Cj4gLSAgICBlbmNyeXB0aW9uX2luZGV4LT5hdXhpbGlhcnlfaW5mb19zYW1wbGVfY291bnQg
PSBzYW1wbGVfY291bnQ7Cj4gCj4gICAgIGlmIChlbmNyeXB0aW9uX2luZGV4LT5hdXhpbGlhcnlf
aW5mb19kZWZhdWx0X3NpemUgPT0gMCkgewo+IC0gICAgICAgIHJldCA9IG1vdl90cnlfcmVhZF9i
bG9jayhwYiwgc2FtcGxlX2NvdW50LCAmZW5jcnlwdGlvbl9pbmRleC0+YXV4aWxpYXJ5X2luZm9f
c2l6ZXMpOwo+IC0gICAgICAgIGlmIChyZXQgPCAwKSB7Cj4gLSAgICAgICAgICAgIGF2X2xvZyhj
LT5mYywgQVZfTE9HX0VSUk9SLCAiRmFpbGVkIHRvIHJlYWQgdGhlIGF1eGlsaWFyeSBpbmZvXG4i
KTsKPiArICAgICAgICBlbmNyeXB0aW9uX2luZGV4LT5hdXhpbGlhcnlfaW5mb19zaXplcyA9IGF2
X21hbGxvYyhzYW1wbGVfY291bnQpOwo+ICsgICAgICAgIGlmICghZW5jcnlwdGlvbl9pbmRleC0+
YXV4aWxpYXJ5X2luZm9fc2l6ZXMpCj4gKyAgICAgICAgICAgIHJldHVybiBBVkVSUk9SKEVOT01F
TSk7Cj4gKwo+ICsgICAgICAgIHJldCA9IGF2aW9fcmVhZChwYiwgZW5jcnlwdGlvbl9pbmRleC0+
YXV4aWxpYXJ5X2luZm9fc2l6ZXMsIHNhbXBsZV9jb3VudCk7Cj4gKyAgICAgICAgaWYgKHJldCAh
PSBzYW1wbGVfY291bnQpIHsKPiArICAgICAgICAgICAgYXZfZnJlZXAoJmVuY3J5cHRpb25faW5k
ZXgtPmF1eGlsaWFyeV9pbmZvX3NpemVzKTsKPiArCj4gKyAgICAgICAgICAgIGlmIChyZXQgPj0g
MCkKPiArICAgICAgICAgICAgICAgIHJldCA9IEFWRVJST1JfSU5WQUxJRERBVEE7Cj4gKyAgICAg
ICAgICAgIGF2X2xvZyhjLT5mYywgQVZfTE9HX0VSUk9SLCAiRmFpbGVkIHRvIHJlYWQgdGhlIGF1
eGlsaWFyeSBpbmZvLCAlc1xuIiwKPiArICAgICAgICAgICAgICAgICAgIGF2X2VycjJzdHIocmV0
KSk7Cj4gICAgICAgICAgICAgcmV0dXJuIHJldDsKPiAgICAgICAgIH0KPiAgICAgfQo+ICsgICAg
ZW5jcnlwdGlvbl9pbmRleC0+YXV4aWxpYXJ5X2luZm9fc2FtcGxlX2NvdW50ID0gc2FtcGxlX2Nv
dW50Owo+IAo+ICAgICBpZiAoZW5jcnlwdGlvbl9pbmRleC0+YXV4aWxpYXJ5X29mZnNldHNfY291
bnQpIHsKPiAgICAgICAgIHJldHVybiBtb3ZfcGFyc2VfYXV4aWxpYXJ5X2luZm8oYywgc2MsIHBi
LCBlbmNyeXB0aW9uX2luZGV4KTsKPiBAQCAtNjkxMyw5ICs2ODkwLDE5IEBAIHN0YXRpYyBpbnQg
bW92X3JlYWRfcHNzaChNT1ZDb250ZXh0ICpjLCBBVklPQ29udGV4dCAqcGIsIE1PVkF0b20gYXRv
bSkKPiAgICAgfQo+IAo+ICAgICBleHRyYV9kYXRhX3NpemUgPSBhdmlvX3JiMzIocGIpOwo+IC0g
ICAgcmV0ID0gbW92X3RyeV9yZWFkX2Jsb2NrKHBiLCBleHRyYV9kYXRhX3NpemUsICZleHRyYV9k
YXRhKTsKPiAtICAgIGlmIChyZXQgPCAwKQo+ICsgICAgZXh0cmFfZGF0YSA9IGF2X21hbGxvYyhl
eHRyYV9kYXRhX3NpemUpOwoKSWYgSSB1bmRlcnN0YW5kIGNvcnJlY3RseSB5b3UgYXJlIG5vdyBl
ZmZlY3RpdmVseSBwYXNzaW5nIGEgcG90ZW50aWFsbHkgbWFsaWNpb3VzIHNpemUgdmFsdWUgZGly
ZWN0bHkgdG8gbWFsbG9jLCBhbGxvd2luZyBhbiBhdHRhY2tlciB0byBleGhhdXN0IG1lbW9yeSB3
aXRoIGEgY3JhZnRlZCBmaWxlLgoKPiArICAgIGlmICghZXh0cmFfZGF0YSkgewo+ICsgICAgICAg
IHJldCA9IEFWRVJST1IoRU5PTUVNKTsKPiAgICAgICAgIGdvdG8gZmluaXNoOwo+ICsgICAgfQo+
ICsgICAgcmV0ID0gYXZpb19yZWFkKHBiLCBleHRyYV9kYXRhLCBleHRyYV9kYXRhX3NpemUpOwo+
ICsgICAgaWYgKHJldCAhPSBleHRyYV9kYXRhX3NpemUpIHsKPiArICAgICAgICBhdl9mcmVlKGV4
dHJhX2RhdGEpOwo+ICsKPiArICAgICAgICBpZiAocmV0ID49IDApCj4gKyAgICAgICAgICAgIHJl
dCA9IEFWRVJST1JfSU5WQUxJRERBVEE7Cj4gKyAgICAgICAgZ290byBmaW5pc2g7Cj4gKyAgICB9
Cj4gCj4gICAgIGF2X2ZyZWVwKCZpbmZvLT5kYXRhKTsgIC8vIG1hbGxvYygwKSBtYXkgc3RpbGwg
YWxsb2NhdGUgc29tZXRoaW5nLgo+ICAgICBpbmZvLT5kYXRhID0gZXh0cmFfZGF0YTsKPiAtLSAK
PiAyLjI1LjEKPiAKPiBfX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19f
X19fXwo+IGZmbXBlZy1kZXZlbCBtYWlsaW5nIGxpc3QKPiBmZm1wZWctZGV2ZWxAZmZtcGVnLm9y
Zwo+IGh0dHBzOi8vZmZtcGVnLm9yZy9tYWlsbWFuL2xpc3RpbmZvL2ZmbXBlZy1kZXZlbAo+IAo+
IFRvIHVuc3Vic2NyaWJlLCB2aXNpdCBsaW5rIGFib3ZlLCBvciBlbWFpbAo+IGZmbXBlZy1kZXZl
bC1yZXF1ZXN0QGZmbXBlZy5vcmcgd2l0aCBzdWJqZWN0ICJ1bnN1YnNjcmliZSIuCl9fX19fX19f
X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fCmZmbXBlZy1kZXZlbCBtYWls
aW5nIGxpc3QKZmZtcGVnLWRldmVsQGZmbXBlZy5vcmcKaHR0cHM6Ly9mZm1wZWcub3JnL21haWxt
YW4vbGlzdGluZm8vZmZtcGVnLWRldmVsCgpUbyB1bnN1YnNjcmliZSwgdmlzaXQgbGluayBhYm92
ZSwgb3IgZW1haWwKZmZtcGVnLWRldmVsLXJlcXVlc3RAZmZtcGVnLm9yZyB3aXRoIHN1YmplY3Qg
InVuc3Vic2NyaWJlIi4K