Fixes out of array read
Fixes: 03c406ec9530e594a074ce2979f8a1f0/asan_heap-oob_7dec26_4664_37c52495b2870a2eaac65f53958e76c1.flac
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

Previous "currently size is limited" didn't give away
much in terms of useful info.
Signed-off-by: Reynaldo H. Verdejo Pinochet <reynaldo@osg.samsung.com>

Calling ffio_ensure_seekback() if ffio_init_checksum() has been called
on the same context can lead to out of bounds memory accesses and
crashes. The reason is that ffio_ensure_seekback() does not update
checksum_ptr after reallocating the buffer, resulting in a dangling
pointer.
This effectively fixes potential crashes when opening mp3 files.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
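
The dangling checksum_ptr described in the commit message above, reduced to a self-contained C model. This is an added example, not FFmpeg code: the IOBuf struct and the functions ensure_seekback(), checksum_ptr_valid() and run_case() are hypothetical simplifications, and the buffer sizes are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical, simplified stand-in for a buffered I/O context (not AVIOContext). */
typedef struct {
    unsigned char *buffer, *buf_ptr, *buf_end; /* storage, read cursor, end of data */
    unsigned char *checksum_ptr;               /* first byte not yet checksummed, or NULL */
    size_t size;
} IOBuf;

/* Move the data to a larger allocation; rebase_checksum == 0 models the bug. */
static int ensure_seekback(IOBuf *c, size_t new_size, int rebase_checksum)
{
    if (new_size <= c->size) return 0;
    unsigned char *nb = malloc(new_size);
    if (!nb) return -1;
    /* Turn every cursor into an offset while the old buffer is still valid. */
    size_t pos = c->buf_ptr - c->buffer, filled = c->buf_end - c->buffer;
    size_t ck = c->checksum_ptr ? (size_t)(c->checksum_ptr - c->buffer) : 0;
    memcpy(nb, c->buffer, filled);
    free(c->buffer);
    if (c->checksum_ptr && rebase_checksum)
        c->checksum_ptr = nb + ck;  /* the fix: rebase it like the other cursors */
    c->buffer = nb; c->buf_ptr = nb + pos;
    c->buf_end = nb + filled; c->size = new_size;
    return 0;
}

/* Invariant to assert after any reallocation: NULL or inside [buffer, buf_ptr]. */
static int checksum_ptr_valid(const IOBuf *c)
{
    uintptr_t p = (uintptr_t)c->checksum_ptr;
    if (!c->checksum_ptr) return 1;
    return p >= (uintptr_t)c->buffer && p <= (uintptr_t)c->buf_ptr;
}

/* Constructed scenario: 64-byte buffer, cursor at 16, checksumming starts there. */
static int run_case(int rebase_checksum)
{
    IOBuf c = {0};
    if (!(c.buffer = calloc(1, 64))) return -1;
    c.size = 64; c.buf_end = c.buffer + 48;
    c.buf_ptr = c.checksum_ptr = c.buffer + 16;
    if (ensure_seekback(&c, 4096, rebase_checksum) < 0) { free(c.buffer); return -1; }
    int ok = checksum_ptr_valid(&c);  /* only compares addresses, never dereferences */
    free(c.buffer);
    return ok;
}
int main(void) { printf("stale=%d rebased=%d\n", run_case(0), run_case(1)); return 0; }
```

The model copies into a fresh allocation before freeing the old one, so the stale pointer can never coincide with the new buffer and the invariant check fails deterministically in the unfixed case.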
Don't prefix them ffio_url, which is misleading, sounding too
much like the urlprotocol layer (like ffurl_*).
Signed-off-by: Martin Storsjö <martin@martin.st>

Trigger a refill if the seek action moves the pointer
at the end of the buffer.
Before this patch the read action following the seek would trigger
the refill, while write action would write outside the buffer.
In the Libav codebase few muxers seek forward outside of what
already has been written so it is quite unlikely to experience
the problem with the default buffer size.
CC: libav-stable@libav.org

avio_flush() did nothing useful for read streams. Fix it to behave as
expected, and discard the currently read buffer properly.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>

It's a public function and should use the avio_ namespace
Signed-off-by: James Almer <jamrial@gmail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>

C++ chokes on the definition of AVBPrint.
Including avio.h from c++ code used to work.
Fix trac ticket #3800.
Signed-off-by: Nicolas George <george@nsup.org>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>

This simplifies proper error handling in rtsp.c/rtspdec.c. When
broadcasting over RTSP in TCP mode, the AVIOContext is closed and
recreated for each sent packet, and if the recreation fails, we might
try to close a NULL buffer when freeing things at the end.
Previously, if recreating the buffer in rtspdec.c failed, this would
crash later due to trying to close a NULL buffer.
Signed-off-by: Martin Storsjö <martin@martin.st>

When av_reallocp fails, the associated variables that keep track of
the number of elements in the array (and in some cases, the
separate number of allocated elements) need to be reset.
Not all of these might technically be needed, but it's better to
reset them if in doubt, to make sure variables don't end up
conflicting.
Signed-off-by: Martin Storsjö <martin@martin.st>

Null buffers are useful for simulating writing to a real buffer
for the sake of measuring how many bytes are written.
Signed-off-by: Martin Storsjö <martin@martin.st>

This provides at least some protection against potential accidental
corruption of AVIO buffer workspace.
Signed-off-by: Martin Storsjö <martin@martin.st>

As long as there is enough contiguous data in the avio buffer,
just return a pointer to it instead of copying it to the caller
provided buffer.
Signed-off-by: Martin Storsjö <martin@martin.st>

Data is appended in fill_buffer() when there is sufficient space left
and the data pointer only reset when needed.
Previously the data pointer was more often reset, losing more seekback
space than otherwise needed.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>

So far, aviocontexts are used either in pure-read or pure-write
mode - full read/write mode doesn't work well (and implementing it
is a much larger, not totally trivial change).
This patch allows using avio_read and ffio_read_partial on
read/write aviocontexts, where the read operations are passed
through directly unbuffered, while writes are buffered as usual.
This is enough to support the operations needed by packet based
data transfer like in udp/rtp, where aviocontext is the only
public API for hooking up custom IO.
Signed-off-by: Martin Storsjö <martin@martin.st>