From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org [79.124.17.100]) by master.gitmailbox.com (Postfix) with ESMTP id 5B99645A77 for ; Tue, 14 Mar 2023 10:19:22 +0000 (UTC) Received: from [127.0.1.1] (localhost [127.0.0.1]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id 8034368BB33; Tue, 14 Mar 2023 12:19:20 +0200 (EET) Received: from 10.mo550.mail-out.ovh.net (10.mo550.mail-out.ovh.net [178.32.96.102]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id CA88368A658 for ; Tue, 14 Mar 2023 12:19:13 +0200 (EET) Received: from director10.ghost.mail-out.ovh.net (unknown [10.109.138.131]) by mo550.mail-out.ovh.net (Postfix) with ESMTP id C68A720E5C for ; Tue, 14 Mar 2023 10:19:12 +0000 (UTC) Received: from ghost-submission-6684bf9d7b-n628w (unknown [10.109.156.10]) by director10.ghost.mail-out.ovh.net (Postfix) with ESMTPS id 376911FE01 for ; Tue, 14 Mar 2023 10:19:12 +0000 (UTC) Received: from mediaarea.net ([37.59.142.106]) by ghost-submission-6684bf9d7b-n628w with ESMTPSA id CLRBByBKEGRNZwAAhD/iQw (envelope-from ) for ; Tue, 14 Mar 2023 10:19:12 +0000 Authentication-Results: garm.ovh; auth=pass (GARM-106R006ae7f5cfe-f1ab-4f22-8bdf-b5d43533e38e, 3ADEB190F508FB2DE8A7FDBDA22CEB0FF2B1AA67) smtp.auth=zen-lists@mediaarea.net X-OVh-ClientIp: 84.143.152.64 Content-Type: multipart/mixed; boundary="------------PrEU6bIsGFHitNH2C80sEjrv" Message-ID: Date: Tue, 14 Mar 2023 11:19:10 +0100 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101 Thunderbird/102.8.0 Content-Language: en-US To: ffmpeg-devel@ffmpeg.org References: From: Jerome Martinez In-Reply-To: X-Ovh-Tracer-Id: 5341269160849213689 X-VR-SPAMSTATE: OK X-VR-SPAMSCORE: 0 X-VR-SPAMCAUSE: gggruggvucftvghtrhhoucdtuddrgedvhedrvddviedgudegucetufdoteggodetrfdotffvucfrrhhofhhilhgvmecuqfggjfdpvefjgfevmfevgfenuceurghilhhouhhtmecuhedttdenucenucfjughrpegtkfffgggfuffvfhfhjgesmhdtreertdefjeenucfhrhhomheplfgvrhhomhgvucforghrthhinhgviicuoehjvghrohhmvgesmhgvughirggrrhgvrgdrnhgvtheqnecuggftrfgrthhtvghrnhepffegudffheekheekledtteetgeehkeehgfetudetkeejgfekueeuueelgefhgeffnecuffhomhgrihhnpehffhhmphgvghdrohhrghenucfkphepuddvjedrtddrtddruddpfeejrdehledrudegvddruddtieenucevlhhushhtvghrufhiiigvpedtnecurfgrrhgrmhepihhnvghtpeduvdejrddtrddtrddupdhmrghilhhfrhhomhepoehjvghrohhmvgesmhgvughirggrrhgvrgdrnhgvtheqpdhnsggprhgtphhtthhopedupdhrtghpthhtohepfhhfmhhpvghgqdguvghvvghlsehffhhmphgvghdrohhrghdpoffvtefjohhsthepmhhoheehtddpmhhouggvpehsmhhtphhouhht Subject: Re: [FFmpeg-devel] [PATCH] avcodec/dpx: fix check of minimal data size for unpadded content X-BeenThere: ffmpeg-devel@ffmpeg.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: FFmpeg development discussions and patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: FFmpeg development discussions and patches Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" Archived-At: List-Archive: List-Post: This is a multi-part message in MIME format. --------------PrEU6bIsGFHitNH2C80sEjrv Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit Please consider the attached patch. Before: "Overread buffer. Invalid header?" despite that all bytes are there (the precheck is wrong, not the parsing after the precheck) After: transcoding is fine A (zeroed) sample file is available at https://trac.ffmpeg.org/ticket/10259 Jérôme On 19/10/2022 11:47, Jerome Martinez wrote: > stride value is not relevant with unpadded content and the total count > of pixels (width x height) must be used instead of the rounding based > on width only then multiplied by height > > unpadded_10bit value computing is moved sooner in the code in order to > be able to use it during computing of minimal content size > > Fix 'Overread buffer' error when the content is not lucky enough to > have (enough) padding bytes at the end for not being rejected by the > formula based on the stride value > > Signed-off-by: Jerome Martinez > --- >  libavcodec/dpx.c | 34 ++++++++++++++++++---------------- >  1 file changed, 18 insertions(+), 16 deletions(-) > > diff --git a/libavcodec/dpx.c b/libavcodec/dpx.c > index 4f50608..d4699f6 100644 > --- a/libavcodec/dpx.c > +++ b/libavcodec/dpx.c > @@ -476,14 +476,30 @@ static int decode_frame(AVCodecContext *avctx, > AVFrame *p, >          avctx->colorspace = AVCOL_SPC_RGB; >      } > > +    av_strlcpy(creator, avpkt->data + 160, 100); > +    creator[100] = '\0'; > +    av_dict_set(&p->metadata, "Creator", creator, 0); > + > +    av_strlcpy(input_device, avpkt->data + 1556, 32); > +    input_device[32] = '\0'; > +    av_dict_set(&p->metadata, "Input Device", input_device, 0); > + > +    // Some devices do not pad 10bit samples to whole 32bit words per > row > +    if (!memcmp(input_device, "Scanity", 7) || > +        !memcmp(creator, "Lasergraphics Inc.", 18)) { > +        unpadded_10bit = 1; > +    } > + >      // Table 3c: Runs will always break at scan line boundaries. Packing >      // will always break to the next 32-bit word at scan-line > boundaries. >      // Unfortunately, the encoder produced invalid files, so attempt >      // to detect it > +    // Also handle special case with unpadded content >      need_align = FFALIGN(stride, 4); > -    if (need_align*avctx->height + (int64_t)offset > avpkt->size) { > +    if (need_align*avctx->height + (int64_t)offset > avpkt->size && > +        (!unpadded_10bit || (avctx->width * avctx->height * elements > + 2) / 3 * 4 + (int64_t)offset > avpkt->size)) { >          // Alignment seems unappliable, try without > -        if (stride*avctx->height + (int64_t)offset > avpkt->size) { > +        if (stride*avctx->height + (int64_t)offset > avpkt->size || > unpadded_10bit) { >              av_log(avctx, AV_LOG_ERROR, "Overread buffer. Invalid > header?\n"); >              return AVERROR_INVALIDDATA; >          } else { > @@ -609,20 +625,6 @@ static int decode_frame(AVCodecContext *avctx, > AVFrame *p, >      if ((ret = ff_get_buffer(avctx, p, 0)) < 0) >          return ret; > > -    av_strlcpy(creator, avpkt->data + 160, 100); > -    creator[100] = '\0'; > -    av_dict_set(&p->metadata, "Creator", creator, 0); > - > -    av_strlcpy(input_device, avpkt->data + 1556, 32); > -    input_device[32] = '\0'; > -    av_dict_set(&p->metadata, "Input Device", input_device, 0); > - > -    // Some devices do not pad 10bit samples to whole 32bit words per > row > -    if (!memcmp(input_device, "Scanity", 7) || > -        !memcmp(creator, "Lasergraphics Inc.", 18)) { > -        unpadded_10bit = 1; > -    } > - >      // Move pointer to offset from start of file >      buf =  avpkt->data + offset; > --------------PrEU6bIsGFHitNH2C80sEjrv Content-Type: text/plain; charset=UTF-8; name="0001-avcodec-dpx-fix-check-of-minimal-data-size-for-unpad.patch" Content-Disposition: attachment; filename*0="0001-avcodec-dpx-fix-check-of-minimal-data-size-for-unpad.pa"; filename*1="tch" Content-Transfer-Encoding: base64 RnJvbSAyMWMyMTM3M2NhNTc2ZjFkZmYwNWY5NTJjMTcyNzU5NTdiOTM4OGJkIE1vbiBTZXAg MTcgMDA6MDA6MDAgMjAwMQpGcm9tOiBKZXJvbWUgTWFydGluZXogPGplcm9tZUBtZWRpYWFy ZWEubmV0PgpEYXRlOiBXZWQsIDE5IE9jdCAyMDIyIDExOjM3OjM0ICswMjAwClN1YmplY3Q6 IFtQQVRDSF0gYXZjb2RlYy9kcHg6IGZpeCBjaGVjayBvZiBtaW5pbWFsIGRhdGEgc2l6ZSBm b3IgdW5wYWRkZWQKIGNvbnRlbnQKCnN0cmlkZSB2YWx1ZSBpcyBub3QgcmVsZXZhbnQgd2l0 aCB1bnBhZGRlZCBjb250ZW50IGFuZCB0aGUgdG90YWwgY291bnQgb2YgcGl4ZWxzICh3aWR0 aCB4IGhlaWdodCkgbXVzdCBiZSB1c2VkIGluc3RlYWQgb2YgdGhlIHJvdW5kaW5nIGJhc2Vk IG9uIHdpZHRoIG9ubHkgdGhlbiBtdWx0aXBsaWVkIGJ5IGhlaWdodAoKdW5wYWRkZWRfMTBi aXQgdmFsdWUgY29tcHV0aW5nIGlzIG1vdmVkIHNvb25lciBpbiB0aGUgY29kZSBpbiBvcmRl ciB0byBiZSBhYmxlIHRvIHVzZSBpdCBkdXJpbmcgY29tcHV0aW5nIG9mIG1pbmltYWwgY29u dGVudCBzaXplCgpGaXggJ092ZXJyZWFkIGJ1ZmZlcicgZXJyb3Igd2hlbiB0aGUgY29udGVu dCBpcyBub3QgbHVja3kgZW5vdWdoIHRvIGhhdmUgKGVub3VnaCkgcGFkZGluZyBieXRlcyBh dCB0aGUgZW5kIGZvciBub3QgYmVpbmcgcmVqZWN0ZWQgYnkgdGhlIGZvcm11bGEgYmFzZWQg b24gdGhlIHN0cmlkZSB2YWx1ZQotLS0KIGxpYmF2Y29kZWMvZHB4LmMgfCAzNCArKysrKysr KysrKysrKysrKystLS0tLS0tLS0tLS0tLS0tCiAxIGZpbGUgY2hhbmdlZCwgMTggaW5zZXJ0 aW9ucygrKSwgMTYgZGVsZXRpb25zKC0pCgpkaWZmIC0tZ2l0IGEvbGliYXZjb2RlYy9kcHgu YyBiL2xpYmF2Y29kZWMvZHB4LmMKaW5kZXggNGY1MDYwODQ2MS4uZDQ2OTlmNjVmYyAxMDA2 NDQKLS0tIGEvbGliYXZjb2RlYy9kcHguYworKysgYi9saWJhdmNvZGVjL2RweC5jCkBAIC00 NzYsMTQgKzQ3NiwzMCBAQCBzdGF0aWMgaW50IGRlY29kZV9mcmFtZShBVkNvZGVjQ29udGV4 dCAqYXZjdHgsIEFWRnJhbWUgKnAsCiAgICAgICAgIGF2Y3R4LT5jb2xvcnNwYWNlID0gQVZD T0xfU1BDX1JHQjsKICAgICB9CiAKKyAgICBhdl9zdHJsY3B5KGNyZWF0b3IsIGF2cGt0LT5k YXRhICsgMTYwLCAxMDApOworICAgIGNyZWF0b3JbMTAwXSA9ICdcMCc7CisgICAgYXZfZGlj dF9zZXQoJnAtPm1ldGFkYXRhLCAiQ3JlYXRvciIsIGNyZWF0b3IsIDApOworCisgICAgYXZf c3RybGNweShpbnB1dF9kZXZpY2UsIGF2cGt0LT5kYXRhICsgMTU1NiwgMzIpOworICAgIGlu cHV0X2RldmljZVszMl0gPSAnXDAnOworICAgIGF2X2RpY3Rfc2V0KCZwLT5tZXRhZGF0YSwg IklucHV0IERldmljZSIsIGlucHV0X2RldmljZSwgMCk7CisKKyAgICAvLyBTb21lIGRldmlj ZXMgZG8gbm90IHBhZCAxMGJpdCBzYW1wbGVzIHRvIHdob2xlIDMyYml0IHdvcmRzIHBlciBy b3cKKyAgICBpZiAoIW1lbWNtcChpbnB1dF9kZXZpY2UsICJTY2FuaXR5IiwgNykgfHwKKyAg ICAgICAgIW1lbWNtcChjcmVhdG9yLCAiTGFzZXJncmFwaGljcyBJbmMuIiwgMTgpKSB7Cisg ICAgICAgIHVucGFkZGVkXzEwYml0ID0gMTsKKyAgICB9CisKICAgICAvLyBUYWJsZSAzYzog UnVucyB3aWxsIGFsd2F5cyBicmVhayBhdCBzY2FuIGxpbmUgYm91bmRhcmllcy4gUGFja2lu ZwogICAgIC8vIHdpbGwgYWx3YXlzIGJyZWFrIHRvIHRoZSBuZXh0IDMyLWJpdCB3b3JkIGF0 IHNjYW4tbGluZSBib3VuZGFyaWVzLgogICAgIC8vIFVuZm9ydHVuYXRlbHksIHRoZSBlbmNv ZGVyIHByb2R1Y2VkIGludmFsaWQgZmlsZXMsIHNvIGF0dGVtcHQKICAgICAvLyB0byBkZXRl Y3QgaXQKKyAgICAvLyBBbHNvIGhhbmRsZSBzcGVjaWFsIGNhc2Ugd2l0aCB1bnBhZGRlZCBj b250ZW50CiAgICAgbmVlZF9hbGlnbiA9IEZGQUxJR04oc3RyaWRlLCA0KTsKLSAgICBpZiAo bmVlZF9hbGlnbiphdmN0eC0+aGVpZ2h0ICsgKGludDY0X3Qpb2Zmc2V0ID4gYXZwa3QtPnNp emUpIHsKKyAgICBpZiAobmVlZF9hbGlnbiphdmN0eC0+aGVpZ2h0ICsgKGludDY0X3Qpb2Zm c2V0ID4gYXZwa3QtPnNpemUgJiYKKyAgICAgICAgKCF1bnBhZGRlZF8xMGJpdCB8fCAoYXZj dHgtPndpZHRoICogYXZjdHgtPmhlaWdodCAqIGVsZW1lbnRzICsgMikgLyAzICogNCArIChp bnQ2NF90KW9mZnNldCA+IGF2cGt0LT5zaXplKSkgewogICAgICAgICAvLyBBbGlnbm1lbnQg c2VlbXMgdW5hcHBsaWFibGUsIHRyeSB3aXRob3V0Ci0gICAgICAgIGlmIChzdHJpZGUqYXZj dHgtPmhlaWdodCArIChpbnQ2NF90KW9mZnNldCA+IGF2cGt0LT5zaXplKSB7CisgICAgICAg IGlmIChzdHJpZGUqYXZjdHgtPmhlaWdodCArIChpbnQ2NF90KW9mZnNldCA+IGF2cGt0LT5z aXplIHx8IHVucGFkZGVkXzEwYml0KSB7CiAgICAgICAgICAgICBhdl9sb2coYXZjdHgsIEFW X0xPR19FUlJPUiwgIk92ZXJyZWFkIGJ1ZmZlci4gSW52YWxpZCBoZWFkZXI/XG4iKTsKICAg ICAgICAgICAgIHJldHVybiBBVkVSUk9SX0lOVkFMSUREQVRBOwogICAgICAgICB9IGVsc2Ug ewpAQCAtNjA5LDIwICs2MjUsNiBAQCBzdGF0aWMgaW50IGRlY29kZV9mcmFtZShBVkNvZGVj Q29udGV4dCAqYXZjdHgsIEFWRnJhbWUgKnAsCiAgICAgaWYgKChyZXQgPSBmZl9nZXRfYnVm ZmVyKGF2Y3R4LCBwLCAwKSkgPCAwKQogICAgICAgICByZXR1cm4gcmV0OwogCi0gICAgYXZf c3RybGNweShjcmVhdG9yLCBhdnBrdC0+ZGF0YSArIDE2MCwgMTAwKTsKLSAgICBjcmVhdG9y WzEwMF0gPSAnXDAnOwotICAgIGF2X2RpY3Rfc2V0KCZwLT5tZXRhZGF0YSwgIkNyZWF0b3Ii LCBjcmVhdG9yLCAwKTsKLQotICAgIGF2X3N0cmxjcHkoaW5wdXRfZGV2aWNlLCBhdnBrdC0+ ZGF0YSArIDE1NTYsIDMyKTsKLSAgICBpbnB1dF9kZXZpY2VbMzJdID0gJ1wwJzsKLSAgICBh dl9kaWN0X3NldCgmcC0+bWV0YWRhdGEsICJJbnB1dCBEZXZpY2UiLCBpbnB1dF9kZXZpY2Us IDApOwotCi0gICAgLy8gU29tZSBkZXZpY2VzIGRvIG5vdCBwYWQgMTBiaXQgc2FtcGxlcyB0 byB3aG9sZSAzMmJpdCB3b3JkcyBwZXIgcm93Ci0gICAgaWYgKCFtZW1jbXAoaW5wdXRfZGV2 aWNlLCAiU2Nhbml0eSIsIDcpIHx8Ci0gICAgICAgICFtZW1jbXAoY3JlYXRvciwgIkxhc2Vy Z3JhcGhpY3MgSW5jLiIsIDE4KSkgewotICAgICAgICB1bnBhZGRlZF8xMGJpdCA9IDE7Ci0g ICAgfQotCiAgICAgLy8gTW92ZSBwb2ludGVyIHRvIG9mZnNldCBmcm9tIHN0YXJ0IG9mIGZp bGUKICAgICBidWYgPSAgYXZwa3QtPmRhdGEgKyBvZmZzZXQ7CiAKLS0gCjIuMTMuMy53aW5k b3dzLjEKCg== --------------PrEU6bIsGFHitNH2C80sEjrv Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe". --------------PrEU6bIsGFHitNH2C80sEjrv--