[FFmpeg-devel] [PATCH 1/3] avformat/dhav: Fix check for seekability

From: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
Subject: [FFmpeg-devel] [PATCH 1/3] avformat/dhav: Fix check for seekability
Date: Sun, 8 Jun 2025 01:14:39 +0200
Message-ID: <GV1P250MB0737B91511EC74FF0610B15B8F69A@GV1P250MB0737.EURP250.PROD.OUTLOOK.COM> (raw)

[-- Attachment #1: Type: text/plain, Size: 29 bytes --]

Patches attached.

- Andreas

[-- Attachment #2: 0001-avformat-dhav-Fix-check-for-seekability.patch --]
[-- Type: text/x-patch, Size: 1145 bytes --]

From 95e88893123bae89991bf45a6c5db0173e158574 Mon Sep 17 00:00:00 2001
From: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
Date: Sun, 8 Jun 2025 00:52:46 +0200
Subject: [PATCH 1/3] avformat/dhav: Fix check for seekability

AVIOContext.seekable is a bitfield. Also check for seekability
earlier.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
---
 libavformat/dhav.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/libavformat/dhav.c b/libavformat/dhav.c
index 31f4d75181..af1a8d86a5 100644
--- a/libavformat/dhav.c
+++ b/libavformat/dhav.c
@@ -237,6 +237,9 @@ static void get_timeinfo(unsigned date, struct tm *timeinfo)
 
 static int64_t get_duration(AVFormatContext *s)
 {
+    if (!(s->pb->seekable & AVIO_SEEKABLE_NORMAL))
+        return 0;
+
     int64_t start_pos = avio_tell(s->pb);
     int64_t end_pos = -1;
     int64_t start = 0, end = 0;
@@ -248,9 +251,6 @@ static int64_t get_duration(AVFormatContext *s)
     unsigned date;
     int64_t size = avio_size(s->pb);
 
-    if (!s->pb->seekable)
-        return 0;
-
     if (start_pos + 16 > size)
         return 0;
 
-- 
2.45.2


[-- Attachment #3: 0002-avformat-dhav-Add-missed-free-for-end_buffer.patch --]
[-- Type: text/x-patch, Size: 1220 bytes --]

From 39df5a583d781d54dcac57b9d024d256d4310172 Mon Sep 17 00:00:00 2001
From: Derek Buitenhuis <derek.buitenhuis@gmail.com>
Date: Fri, 6 Jun 2025 14:44:50 +0100
Subject: [PATCH 2/3] avformat/dhav: Add missed free for end_buffer
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Accidentally left out of 36ec9217e6dca3432304c9d76078d9618247eb0f.

Found-by: Kacper Michajłow <kasper93@gmail.com>
Signed-off-by: Derek Buitenhuis <derek.buitenhuis@gmail.com>
---
 libavformat/dhav.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/libavformat/dhav.c b/libavformat/dhav.c
index af1a8d86a5..ffd6d66359 100644
--- a/libavformat/dhav.c
+++ b/libavformat/dhav.c
@@ -281,6 +281,7 @@ static int64_t get_duration(AVFormatContext *s)
     }
 
     if (end_pos < 0 || end_pos + 16 > end_buffer_pos + end_buffer_size) {
+        av_freep(&end_buffer);
         avio_seek(s->pb, start_pos, SEEK_SET);
         return 0;
     }
@@ -289,6 +290,8 @@ static int64_t get_duration(AVFormatContext *s)
     get_timeinfo(date, &timeinfo);
     end = av_timegm(&timeinfo) * 1000LL;
 
+    av_freep(&end_buffer);
+
     avio_seek(s->pb, start_pos, SEEK_SET);
 
     return end - start;
-- 
2.45.2


[-- Attachment #4: 0003-avformat-dhav-Check-reading-data.patch --]
[-- Type: text/x-patch, Size: 1960 bytes --]

From 28c1a8ebcadec6ba168664b5ece9e09159feb255 Mon Sep 17 00:00:00 2001
From: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
Date: Sun, 8 Jun 2025 01:07:02 +0200
Subject: [PATCH 3/3] avformat/dhav: Check reading data

Prevents potential use of uninitialized data.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
---
 libavformat/dhav.c | 20 ++++++++++----------
 1 file changed, 10 insertions(+), 10 deletions(-)

diff --git a/libavformat/dhav.c b/libavformat/dhav.c
index ffd6d66359..9bdb23322d 100644
--- a/libavformat/dhav.c
+++ b/libavformat/dhav.c
@@ -261,13 +261,12 @@ static int64_t get_duration(AVFormatContext *s)
 
     end_buffer_size = FFMIN(MAX_DURATION_BUFFER_SIZE, size);
     end_buffer = av_malloc(end_buffer_size);
-    if (!end_buffer) {
-        avio_seek(s->pb, start_pos, SEEK_SET);
-        return 0;
-    }
+    if (!end_buffer)
+        goto fail;
     end_buffer_pos = size - end_buffer_size;
     avio_seek(s->pb, end_buffer_pos, SEEK_SET);
-    avio_read(s->pb, end_buffer, end_buffer_size);
+    if (ffio_read_size(s->pb, end_buffer, end_buffer_size) < 0)
+        goto fail;
 
     offset = end_buffer_size - 8;
     while (offset > 0) {
@@ -280,11 +279,8 @@ static int64_t get_duration(AVFormatContext *s)
         }
     }
 
-    if (end_pos < 0 || end_pos + 16 > end_buffer_pos + end_buffer_size) {
-        av_freep(&end_buffer);
-        avio_seek(s->pb, start_pos, SEEK_SET);
-        return 0;
-    }
+    if (end_pos < 0 || end_pos + 16 > end_buffer_pos + end_buffer_size)
+        goto fail;
 
     date = AV_RL32(end_buffer + (end_pos - end_buffer_pos) + 16);
     get_timeinfo(date, &timeinfo);
@@ -295,6 +291,10 @@ static int64_t get_duration(AVFormatContext *s)
     avio_seek(s->pb, start_pos, SEEK_SET);
 
     return end - start;
+fail:
+    av_freep(&end_buffer);
+    avio_seek(s->pb, start_pos, SEEK_SET);
+    return 0;
 }
 
 static int dhav_read_header(AVFormatContext *s)
-- 
2.45.2


[-- Attachment #5: Type: text/plain, Size: 251 bytes --]

_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".
