Chiebot-Mirror
/
FFmpeg
mirror of https://github.com/FFmpeg/FFmpeg.git
8
0
Fork 0
Code Issues Projects Releases Wiki Activity

Merge commit '5c720657c23afd798ae0db7c7362eb859a89ab3d'

Browse Source 
* commit '5c720657c23afd798ae0db7c7362eb859a89ab3d':
  mov: always check avio_read return value

Conflicts:
	libavformat/mov.c

See: b71528d896
Merged-by: Michael Niedermayer <michaelni@gmx.at>
pull/136/head
Michael Niedermayer 10 years ago
parent ebab902a1c 5c720657c2
commit 9e1cdfb89b
1 changed files with 75 additions and 41 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 116
      libavformat/mov.c

116
libavformat/mov.c
Unescape View File

@ -403,10 +403,10 @@ retry:
if (!raw && (data_type == 3 || (data_type == 0 && (langcode < 0x400 || langcode == 0x7fff)))) { // MAC Encoded
mov_read_mac_string(c, pb, str_size, str, str_size_alloc);
} else {
int ret = avio_read(pb, str, str_size);
if (ret != str_size) {
av_freep(&str);
return ret < 0 ? ret : AVERROR_INVALIDDATA;
int ret = ffio_read_size(pb, str, str_size);
if (ret < 0) {
av_free(str);
return ret;
}
str[str_size] = 0;
}
@ -430,6 +430,7 @@ static int mov_read_chpl(MOVContext *c, AVIOContext *pb, MOVAtom atom)
int64_t start;
int i, nb_chapters, str_len, version;
char str[256+1];
int ret;
if ((atom.size -= 5) < 0)
return 0;
@ -450,8 +451,9 @@ static int mov_read_chpl(MOVContext *c, AVIOContext *pb, MOVAtom atom)
if ((atom.size -= 9+str_len) < 0)
return 0;
if (avio_read(pb, str, str_len) != str_len)
return AVERROR_INVALIDDATA;
ret = ffio_read_size(pb, str, str_len);
if (ret < 0)
return ret;
str[str_len] = 0;
avpriv_new_chapter(c->fc, i, (AVRational){1,10000000}, start, AV_NOPTS_VALUE, str);
}
@ -498,13 +500,15 @@ static int mov_read_dref(MOVContext *c, AVIOContext *pb, MOVAtom atom)
/* macintosh alias record */
uint16_t volume_len, len;
int16_t type;
int ret;
avio_skip(pb, 10);
volume_len = avio_r8(pb);
volume_len = FFMIN(volume_len, 27);
if (avio_read(pb, dref->volume, 27) != 27)
return AVERROR_INVALIDDATA;
ret = ffio_read_size(pb, dref->volume, 27);
if (ret < 0)
return ret;
dref->volume[volume_len] = 0;
av_log(c->fc, AV_LOG_DEBUG, "volume %s, len %d\n", dref->volume, volume_len);
@ -512,8 +516,9 @@ static int mov_read_dref(MOVContext *c, AVIOContext *pb, MOVAtom atom)
len = avio_r8(pb);
len = FFMIN(len, 63);
if (avio_read(pb, dref->filename, 63) != 63)
return AVERROR_INVALIDDATA;
ret = ffio_read_size(pb, dref->filename, 63);
if (ret < 0)
return ret;
dref->filename[len] = 0;
av_log(c->fc, AV_LOG_DEBUG, "filename %s, len %d\n", dref->filename, len);
@ -540,9 +545,11 @@ static int mov_read_dref(MOVContext *c, AVIOContext *pb, MOVAtom atom)
dref->path = av_mallocz(len+1);
if (!dref->path)
return AVERROR(ENOMEM);
if (avio_read(pb, dref->path, len) != len) {
ret = ffio_read_size(pb, dref->path, len);
if (ret < 0) {
av_freep(&dref->path);
return AVERROR_INVALIDDATA;
return ret;
}
if (type == 18) // no additional processing needed
continue;
@ -560,9 +567,11 @@ static int mov_read_dref(MOVContext *c, AVIOContext *pb, MOVAtom atom)
dref->dir = av_malloc(len+1);
if (!dref->dir)
return AVERROR(ENOMEM);
if (avio_read(pb, dref->dir, len) != len) {
ret = ffio_read_size(pb, dref->dir, len);
if (ret < 0) {
av_freep(&dref->dir);
return AVERROR_INVALIDDATA;
return ret;
}
dref->dir[len] = 0;
for (j = 0; j < len; j++)
@ -585,6 +594,7 @@ static int mov_read_hdlr(MOVContext *c, AVIOContext *pb, MOVAtom atom)
uint32_t av_unused ctype;
int64_t title_size;
char *title_str;
int ret;
if (c->fc->nb_streams < 1) // meta before first trak
return 0;
@ -619,9 +629,11 @@ static int mov_read_hdlr(MOVContext *c, AVIOContext *pb, MOVAtom atom)
title_str = av_malloc(title_size + 1); /* Add null terminator */
if (!title_str)
return AVERROR(ENOMEM);
if (avio_read(pb, title_str, title_size) != title_size) {
ret = ffio_read_size(pb, title_str, title_size);
if (ret < 0) {
av_freep(&title_str);
return AVERROR_INVALIDDATA;
return ret;
}
title_str[title_size] = 0;
if (title_str[0]) {
@ -802,9 +814,10 @@ static int mov_read_ftyp(MOVContext *c, AVIOContext *pb, MOVAtom atom)
int comp_brand_size;
char* comp_brands_str;
uint8_t type[5] = {0};
int ret = ffio_read_size(pb, type, 4);
if (ret < 0)
return ret;
if (avio_read(pb, type, 4) != 4)
return AVERROR_INVALIDDATA;
if (strcmp(type, "qt "))
c->isom = 1;
av_log(c->fc, AV_LOG_DEBUG, "ISO: File Type Major Brand: %.4s\n",(char *)&type);
@ -818,9 +831,11 @@ static int mov_read_ftyp(MOVContext *c, AVIOContext *pb, MOVAtom atom)
comp_brands_str = av_malloc(comp_brand_size + 1); /* Add null terminator */
if (!comp_brands_str)
return AVERROR(ENOMEM);
if (avio_read(pb, comp_brands_str, comp_brand_size) != comp_brand_size) {
ret = ffio_read_size(pb, comp_brands_str, comp_brand_size);
if (ret < 0) {
av_freep(&comp_brands_str);
return AVERROR_INVALIDDATA;
return ret;
}
comp_brands_str[comp_brand_size] = 0;
av_dict_set(&c->fc->metadata, "compatible_brands", comp_brands_str, 0);
@ -969,6 +984,7 @@ static int mov_read_mvhd(MOVContext *c, AVIOContext *pb, MOVAtom atom)
avio_rb32(pb); /* selection duration */
avio_rb32(pb); /* current time */
avio_rb32(pb); /* next track ID */
return 0;
}
@ -1009,13 +1025,15 @@ static int mov_read_colr(MOVContext *c, AVIOContext *pb, MOVAtom atom)
AVStream *st;
char color_parameter_type[5] = { 0 };
int color_primaries, color_trc, color_matrix;
int ret;
if (c->fc->nb_streams < 1)
return 0;
st = c->fc->streams[c->fc->nb_streams - 1];
if (avio_read(pb, color_parameter_type, 4) != 4)
return AVERROR_INVALIDDATA;
ret = ffio_read_size(pb, color_parameter_type, 4);
if (ret < 0)
return ret;
if (strncmp(color_parameter_type, "nclx", 4) &&
strncmp(color_parameter_type, "nclc", 4)) {
av_log(c->fc, AV_LOG_WARNING, "unsupported color_parameter_type %s\n",
@ -1132,7 +1150,7 @@ static int64_t mov_read_atom_into_extradata(MOVContext *c, AVIOContext *pb, MOVA
AV_WB32(buf , atom.size + 8);
AV_WL32(buf + 4, atom.type);
err = avio_read(pb, buf + 8, atom.size);
err = ffio_read_size(pb, buf + 8, atom.size);
if (err < 0) {
codec->extradata_size -= atom.size;
return err;
@ -1283,6 +1301,7 @@ static int mov_read_svq3(MOVContext *c, AVIOContext *pb, MOVAtom atom)
static int mov_read_wave(MOVContext *c, AVIOContext *pb, MOVAtom atom)
{
AVStream *st;
int ret;
if (c->fc->nb_streams < 1)
return 0;
@ -1296,10 +1315,10 @@ static int mov_read_wave(MOVContext *c, AVIOContext *pb, MOVAtom atom)
st->codec->codec_id == AV_CODEC_ID_SPEEX) {
// pass all frma atom to codec, needed at least for QDMC and QDM2
av_freep(&st->codec->extradata);
if (ff_get_extradata(st->codec, pb, atom.size) < 0)
return AVERROR(ENOMEM);
ret = ff_get_extradata(st->codec, pb, atom.size);
if (ret < 0)
return ret;
} else if (atom.size > 8) { /* to read frma, esds atoms */
int ret;
if ((ret = mov_read_default(c, pb, atom)) < 0)
return ret;
} else
@ -1314,6 +1333,7 @@ static int mov_read_wave(MOVContext *c, AVIOContext *pb, MOVAtom atom)
static int mov_read_glbl(MOVContext *c, AVIOContext *pb, MOVAtom atom)
{
AVStream *st;
int ret;
if (c->fc->nb_streams < 1)
return 0;
@ -1336,8 +1356,9 @@ static int mov_read_glbl(MOVContext *c, AVIOContext *pb, MOVAtom atom)
return 0;
}
av_freep(&st->codec->extradata);
if (ff_get_extradata(st->codec, pb, atom.size) < 0)
return AVERROR(ENOMEM);
ret = ff_get_extradata(st->codec, pb, atom.size);
if (ret < 0)
return ret;
return 0;
}
@ -1361,7 +1382,8 @@ static int mov_read_dvc1(MOVContext *c, AVIOContext *pb, MOVAtom atom)
avio_seek(pb, 6, SEEK_CUR);
av_freep(&st->codec->extradata);
if ((ret = ff_get_extradata(st->codec, pb, atom.size - 7)) < 0)
ret = ff_get_extradata(st->codec, pb, atom.size - 7);
if (ret < 0)
return ret;
return 0;
@ -1375,6 +1397,7 @@ static int mov_read_dvc1(MOVContext *c, AVIOContext *pb, MOVAtom atom)
static int mov_read_strf(MOVContext *c, AVIOContext *pb, MOVAtom atom)
{
AVStream *st;
int ret;
if (c->fc->nb_streams < 1)
return 0;
@ -1387,8 +1410,10 @@ static int mov_read_strf(MOVContext *c, AVIOContext *pb, MOVAtom atom)
avio_skip(pb, 40);
av_freep(&st->codec->extradata);
if (ff_get_extradata(st->codec, pb, atom.size - 40) < 0)
return AVERROR(ENOMEM);
ret = ff_get_extradata(st->codec, pb, atom.size - 40);
if (ret < 0)
return ret;
return 0;
}
@ -1762,9 +1787,15 @@ static int mov_parse_stsd_data(MOVContext *c, AVIOContext *pb,
AVStream *st, MOVStreamContext *sc,
int64_t size)
{
int ret;
if (st->codec->codec_tag == MKTAG('t','m','c','d')) {
if ((int)size != size || ff_get_extradata(st->codec, pb, size) < 0)
if ((int)size != size)
return AVERROR(ENOMEM);
ret = ff_get_extradata(st->codec, pb, size);
if (ret < 0)
return ret;
if (size > 16) {
MOVStreamContext *tmcd_ctx = st->priv_data;
int val;
@ -2128,6 +2159,7 @@ static int mov_read_stsz(MOVContext *c, AVIOContext *pb, MOVAtom atom)
unsigned int i, entries, sample_size, field_size, num_bytes;
GetBitContext gb;
unsigned char* buf;
int ret;
if (c->fc->nb_streams < 1)
return 0;
@ -2181,10 +2213,11 @@ static int mov_read_stsz(MOVContext *c, AVIOContext *pb, MOVAtom atom)
return AVERROR(ENOMEM);
}
if (avio_read(pb, buf, num_bytes) < num_bytes) {
ret = ffio_read_size(pb, buf, num_bytes);
if (ret < 0) {
av_freep(&sc->sample_sizes);
av_free(buf);
return AVERROR_INVALIDDATA;
return ret;
}
init_get_bits(&gb, buf, 8*num_bytes);
@ -2852,6 +2885,7 @@ static int mov_read_custom_2plus(MOVContext *c, AVIOContext *pb, int size)
for (i = 0; i < 2; i++) {
uint8_t **p;
uint32_t len, tag;
int ret;
if (end - avio_tell(pb) <= 12)
break;
@ -2876,9 +2910,10 @@ static int mov_read_custom_2plus(MOVContext *c, AVIOContext *pb, int size)
*p = av_malloc(len + 1);
if (!*p)
break;
if (avio_read(pb, *p, len) != len) {
ret = ffio_read_size(pb, *p, len);
if (ret < 0) {
av_freep(p);
return AVERROR_INVALIDDATA;
return ret;
}
(*p)[len] = 0;
}
@ -3364,11 +3399,10 @@ static int mov_read_cmov(MOVContext *c, AVIOContext *pb, MOVAtom atom)
av_free(cmov_data);
return AVERROR(ENOMEM);
}
if (avio_read(pb, cmov_data, cmov_len) != cmov_len) {
av_freep(&cmov_data);
av_freep(&moov_data);
return AVERROR_INVALIDDATA;
}
ret = ffio_read_size(pb, cmov_data, cmov_len);
if (ret < 0)
goto free_and_return;
if (uncompress (moov_data, (uLongf *) &moov_len, (const Bytef *)cmov_data, cmov_len) != Z_OK)
goto free_and_return;
if (ffio_init_context(&ctx, moov_data, moov_len, 0, NULL, NULL, NULL, NULL) != 0)

Write Preview
Loading…
Cancel
Save