Skip to content

F
ffmpeg.wasm-core
Commit 9e1cdfb8 authored by Michael Niedermayer's avatar Michael Niedermayer
Browse files
Options

Merge commit '5c720657' 

* commit '5c720657':
  mov: always check avio_read return value

Conflicts:
	libavformat/mov.c

See: b71528d8Merged-by: 's avatarMichael Niedermayer <michaelni@gmx.at>
parents ebab902a 5c720657
Hide whitespace changes
Inline Side-by-side
Showing with 75 additions and 41 deletions
libavformat/mov.c
View file @ 9e1cdfb8
...@@ -403,10 +403,10 @@ retry: ...@@ -403,10 +403,10 @@ retry:
if (!raw && (data_type == 3 || (data_type == 0 && (langcode < 0x400 || langcode == 0x7fff)))) { // MAC Encoded if (!raw && (data_type == 3 || (data_type == 0 && (langcode < 0x400 || langcode == 0x7fff)))) { // MAC Encoded
mov_read_mac_string(c, pb, str_size, str, str_size_alloc); mov_read_mac_string(c, pb, str_size, str, str_size_alloc);
} else { } else {
int ret = avio_read(pb, str, str_size); int ret = ffio_read_size(pb, str, str_size);
if (ret != str_size) { if (ret < 0) {
av_freep(&str); av_free(str);
return ret < 0 ? ret : AVERROR_INVALIDDATA; return ret;
} }
str[str_size] = 0; str[str_size] = 0;
} }
...@@ -430,6 +430,7 @@ static int mov_read_chpl(MOVContext *c, AVIOContext *pb, MOVAtom atom) ...@@ -430,6 +430,7 @@ static int mov_read_chpl(MOVContext *c, AVIOContext *pb, MOVAtom atom)
int64_t start; int64_t start;
int i, nb_chapters, str_len, version; int i, nb_chapters, str_len, version;
char str[256+1]; char str[256+1];
int ret;
if ((atom.size -= 5) < 0) if ((atom.size -= 5) < 0)
return 0; return 0;
...@@ -450,8 +451,9 @@ static int mov_read_chpl(MOVContext *c, AVIOContext *pb, MOVAtom atom) ...@@ -450,8 +451,9 @@ static int mov_read_chpl(MOVContext *c, AVIOContext *pb, MOVAtom atom)
if ((atom.size -= 9+str_len) < 0) if ((atom.size -= 9+str_len) < 0)
return 0; return 0;
if (avio_read(pb, str, str_len) != str_len) ret = ffio_read_size(pb, str, str_len);
return AVERROR_INVALIDDATA; if (ret < 0)
return ret;
str[str_len] = 0; str[str_len] = 0;
avpriv_new_chapter(c->fc, i, (AVRational){1,10000000}, start, AV_NOPTS_VALUE, str); avpriv_new_chapter(c->fc, i, (AVRational){1,10000000}, start, AV_NOPTS_VALUE, str);
} }
...@@ -498,13 +500,15 @@ static int mov_read_dref(MOVContext *c, AVIOContext *pb, MOVAtom atom) ...@@ -498,13 +500,15 @@ static int mov_read_dref(MOVContext *c, AVIOContext *pb, MOVAtom atom)
/* macintosh alias record */ /* macintosh alias record */
uint16_t volume_len, len; uint16_t volume_len, len;
int16_t type; int16_t type;
int ret;
avio_skip(pb, 10); avio_skip(pb, 10);
volume_len = avio_r8(pb); volume_len = avio_r8(pb);
volume_len = FFMIN(volume_len, 27); volume_len = FFMIN(volume_len, 27);
if (avio_read(pb, dref->volume, 27) != 27) ret = ffio_read_size(pb, dref->volume, 27);
return AVERROR_INVALIDDATA; if (ret < 0)
return ret;
dref->volume[volume_len] = 0; dref->volume[volume_len] = 0;
av_log(c->fc, AV_LOG_DEBUG, "volume %s, len %d\n", dref->volume, volume_len); av_log(c->fc, AV_LOG_DEBUG, "volume %s, len %d\n", dref->volume, volume_len);
...@@ -512,8 +516,9 @@ static int mov_read_dref(MOVContext *c, AVIOContext *pb, MOVAtom atom) ...@@ -512,8 +516,9 @@ static int mov_read_dref(MOVContext *c, AVIOContext *pb, MOVAtom atom)
len = avio_r8(pb); len = avio_r8(pb);
len = FFMIN(len, 63); len = FFMIN(len, 63);
if (avio_read(pb, dref->filename, 63) != 63) ret = ffio_read_size(pb, dref->filename, 63);
return AVERROR_INVALIDDATA; if (ret < 0)
return ret;
dref->filename[len] = 0; dref->filename[len] = 0;
av_log(c->fc, AV_LOG_DEBUG, "filename %s, len %d\n", dref->filename, len); av_log(c->fc, AV_LOG_DEBUG, "filename %s, len %d\n", dref->filename, len);
...@@ -540,9 +545,11 @@ static int mov_read_dref(MOVContext *c, AVIOContext *pb, MOVAtom atom) ...@@ -540,9 +545,11 @@ static int mov_read_dref(MOVContext *c, AVIOContext *pb, MOVAtom atom)
dref->path = av_mallocz(len+1); dref->path = av_mallocz(len+1);
if (!dref->path) if (!dref->path)
return AVERROR(ENOMEM); return AVERROR(ENOMEM);
if (avio_read(pb, dref->path, len) != len) {
ret = ffio_read_size(pb, dref->path, len);
if (ret < 0) {
av_freep(&dref->path); av_freep(&dref->path);
return AVERROR_INVALIDDATA; return ret;
} }
if (type == 18) // no additional processing needed if (type == 18) // no additional processing needed
continue; continue;
...@@ -560,9 +567,11 @@ static int mov_read_dref(MOVContext *c, AVIOContext *pb, MOVAtom atom) ...@@ -560,9 +567,11 @@ static int mov_read_dref(MOVContext *c, AVIOContext *pb, MOVAtom atom)
dref->dir = av_malloc(len+1); dref->dir = av_malloc(len+1);
if (!dref->dir) if (!dref->dir)
return AVERROR(ENOMEM); return AVERROR(ENOMEM);
if (avio_read(pb, dref->dir, len) != len) {
ret = ffio_read_size(pb, dref->dir, len);
if (ret < 0) {
av_freep(&dref->dir); av_freep(&dref->dir);
return AVERROR_INVALIDDATA; return ret;
} }
dref->dir[len] = 0; dref->dir[len] = 0;
for (j = 0; j < len; j++) for (j = 0; j < len; j++)
...@@ -585,6 +594,7 @@ static int mov_read_hdlr(MOVContext *c, AVIOContext *pb, MOVAtom atom) ...@@ -585,6 +594,7 @@ static int mov_read_hdlr(MOVContext *c, AVIOContext *pb, MOVAtom atom)
uint32_t av_unused ctype; uint32_t av_unused ctype;
int64_t title_size; int64_t title_size;
char *title_str; char *title_str;
int ret;
if (c->fc->nb_streams < 1) // meta before first trak if (c->fc->nb_streams < 1) // meta before first trak
return 0; return 0;
...@@ -619,9 +629,11 @@ static int mov_read_hdlr(MOVContext *c, AVIOContext *pb, MOVAtom atom) ...@@ -619,9 +629,11 @@ static int mov_read_hdlr(MOVContext *c, AVIOContext *pb, MOVAtom atom)
title_str = av_malloc(title_size + 1); /* Add null terminator */ title_str = av_malloc(title_size + 1); /* Add null terminator */
if (!title_str) if (!title_str)
return AVERROR(ENOMEM); return AVERROR(ENOMEM);
if (avio_read(pb, title_str, title_size) != title_size) {
ret = ffio_read_size(pb, title_str, title_size);
if (ret < 0) {
av_freep(&title_str); av_freep(&title_str);
return AVERROR_INVALIDDATA; return ret;
} }
title_str[title_size] = 0; title_str[title_size] = 0;
if (title_str[0]) { if (title_str[0]) {
...@@ -802,9 +814,10 @@ static int mov_read_ftyp(MOVContext *c, AVIOContext *pb, MOVAtom atom) ...@@ -802,9 +814,10 @@ static int mov_read_ftyp(MOVContext *c, AVIOContext *pb, MOVAtom atom)
int comp_brand_size; int comp_brand_size;
char* comp_brands_str; char* comp_brands_str;
uint8_t type[5] = {0}; uint8_t type[5] = {0};
int ret = ffio_read_size(pb, type, 4);
if (ret < 0)
return ret;
if (avio_read(pb, type, 4) != 4)
return AVERROR_INVALIDDATA;
if (strcmp(type, "qt ")) if (strcmp(type, "qt "))
c->isom = 1; c->isom = 1;
av_log(c->fc, AV_LOG_DEBUG, "ISO: File Type Major Brand: %.4s\n",(char *)&type); av_log(c->fc, AV_LOG_DEBUG, "ISO: File Type Major Brand: %.4s\n",(char *)&type);
...@@ -818,9 +831,11 @@ static int mov_read_ftyp(MOVContext *c, AVIOContext *pb, MOVAtom atom) ...@@ -818,9 +831,11 @@ static int mov_read_ftyp(MOVContext *c, AVIOContext *pb, MOVAtom atom)
comp_brands_str = av_malloc(comp_brand_size + 1); /* Add null terminator */ comp_brands_str = av_malloc(comp_brand_size + 1); /* Add null terminator */
if (!comp_brands_str) if (!comp_brands_str)
return AVERROR(ENOMEM); return AVERROR(ENOMEM);
if (avio_read(pb, comp_brands_str, comp_brand_size) != comp_brand_size) {
ret = ffio_read_size(pb, comp_brands_str, comp_brand_size);
if (ret < 0) {
av_freep(&comp_brands_str); av_freep(&comp_brands_str);
return AVERROR_INVALIDDATA; return ret;
} }
comp_brands_str[comp_brand_size] = 0; comp_brands_str[comp_brand_size] = 0;
av_dict_set(&c->fc->metadata, "compatible_brands", comp_brands_str, 0); av_dict_set(&c->fc->metadata, "compatible_brands", comp_brands_str, 0);
...@@ -969,6 +984,7 @@ static int mov_read_mvhd(MOVContext *c, AVIOContext *pb, MOVAtom atom) ...@@ -969,6 +984,7 @@ static int mov_read_mvhd(MOVContext *c, AVIOContext *pb, MOVAtom atom)
avio_rb32(pb); /* selection duration */ avio_rb32(pb); /* selection duration */
avio_rb32(pb); /* current time */ avio_rb32(pb); /* current time */
avio_rb32(pb); /* next track ID */ avio_rb32(pb); /* next track ID */
return 0; return 0;
} }
...@@ -1009,13 +1025,15 @@ static int mov_read_colr(MOVContext *c, AVIOContext *pb, MOVAtom atom) ...@@ -1009,13 +1025,15 @@ static int mov_read_colr(MOVContext *c, AVIOContext *pb, MOVAtom atom)
AVStream *st; AVStream *st;
char color_parameter_type[5] = { 0 }; char color_parameter_type[5] = { 0 };
int color_primaries, color_trc, color_matrix; int color_primaries, color_trc, color_matrix;
int ret;
if (c->fc->nb_streams < 1) if (c->fc->nb_streams < 1)
return 0; return 0;
st = c->fc->streams[c->fc->nb_streams - 1]; st = c->fc->streams[c->fc->nb_streams - 1];
if (avio_read(pb, color_parameter_type, 4) != 4) ret = ffio_read_size(pb, color_parameter_type, 4);
return AVERROR_INVALIDDATA; if (ret < 0)
return ret;
if (strncmp(color_parameter_type, "nclx", 4) && if (strncmp(color_parameter_type, "nclx", 4) &&
strncmp(color_parameter_type, "nclc", 4)) { strncmp(color_parameter_type, "nclc", 4)) {
av_log(c->fc, AV_LOG_WARNING, "unsupported color_parameter_type %s\n", av_log(c->fc, AV_LOG_WARNING, "unsupported color_parameter_type %s\n",
...@@ -1132,7 +1150,7 @@ static int64_t mov_read_atom_into_extradata(MOVContext *c, AVIOContext *pb, MOVA ...@@ -1132,7 +1150,7 @@ static int64_t mov_read_atom_into_extradata(MOVContext *c, AVIOContext *pb, MOVA
AV_WB32(buf , atom.size + 8); AV_WB32(buf , atom.size + 8);
AV_WL32(buf + 4, atom.type); AV_WL32(buf + 4, atom.type);
err = avio_read(pb, buf + 8, atom.size); err = ffio_read_size(pb, buf + 8, atom.size);
if (err < 0) { if (err < 0) {
codec->extradata_size -= atom.size; codec->extradata_size -= atom.size;
return err; return err;
...@@ -1283,6 +1301,7 @@ static int mov_read_svq3(MOVContext *c, AVIOContext *pb, MOVAtom atom) ...@@ -1283,6 +1301,7 @@ static int mov_read_svq3(MOVContext *c, AVIOContext *pb, MOVAtom atom)
static int mov_read_wave(MOVContext *c, AVIOContext *pb, MOVAtom atom) static int mov_read_wave(MOVContext *c, AVIOContext *pb, MOVAtom atom)
{ {
AVStream *st; AVStream *st;
int ret;
if (c->fc->nb_streams < 1) if (c->fc->nb_streams < 1)
return 0; return 0;
...@@ -1296,10 +1315,10 @@ static int mov_read_wave(MOVContext *c, AVIOContext *pb, MOVAtom atom) ...@@ -1296,10 +1315,10 @@ static int mov_read_wave(MOVContext *c, AVIOContext *pb, MOVAtom atom)
st->codec->codec_id == AV_CODEC_ID_SPEEX) { st->codec->codec_id == AV_CODEC_ID_SPEEX) {
// pass all frma atom to codec, needed at least for QDMC and QDM2 // pass all frma atom to codec, needed at least for QDMC and QDM2
av_freep(&st->codec->extradata); av_freep(&st->codec->extradata);
if (ff_get_extradata(st->codec, pb, atom.size) < 0) ret = ff_get_extradata(st->codec, pb, atom.size);
return AVERROR(ENOMEM); if (ret < 0)
return ret;
} else if (atom.size > 8) { /* to read frma, esds atoms */ } else if (atom.size > 8) { /* to read frma, esds atoms */
int ret;
if ((ret = mov_read_default(c, pb, atom)) < 0) if ((ret = mov_read_default(c, pb, atom)) < 0)
return ret; return ret;
} else } else
...@@ -1314,6 +1333,7 @@ static int mov_read_wave(MOVContext *c, AVIOContext *pb, MOVAtom atom) ...@@ -1314,6 +1333,7 @@ static int mov_read_wave(MOVContext *c, AVIOContext *pb, MOVAtom atom)
static int mov_read_glbl(MOVContext *c, AVIOContext *pb, MOVAtom atom) static int mov_read_glbl(MOVContext *c, AVIOContext *pb, MOVAtom atom)
{ {
AVStream *st; AVStream *st;
int ret;
if (c->fc->nb_streams < 1) if (c->fc->nb_streams < 1)
return 0; return 0;
...@@ -1336,8 +1356,9 @@ static int mov_read_glbl(MOVContext *c, AVIOContext *pb, MOVAtom atom) ...@@ -1336,8 +1356,9 @@ static int mov_read_glbl(MOVContext *c, AVIOContext *pb, MOVAtom atom)
return 0; return 0;
} }
av_freep(&st->codec->extradata); av_freep(&st->codec->extradata);
if (ff_get_extradata(st->codec, pb, atom.size) < 0) ret = ff_get_extradata(st->codec, pb, atom.size);
return AVERROR(ENOMEM); if (ret < 0)
return ret;
return 0; return 0;
} }
...@@ -1361,7 +1382,8 @@ static int mov_read_dvc1(MOVContext *c, AVIOContext *pb, MOVAtom atom) ...@@ -1361,7 +1382,8 @@ static int mov_read_dvc1(MOVContext *c, AVIOContext *pb, MOVAtom atom)
avio_seek(pb, 6, SEEK_CUR); avio_seek(pb, 6, SEEK_CUR);
av_freep(&st->codec->extradata); av_freep(&st->codec->extradata);
if ((ret = ff_get_extradata(st->codec, pb, atom.size - 7)) < 0) ret = ff_get_extradata(st->codec, pb, atom.size - 7);
if (ret < 0)
return ret; return ret;
return 0; return 0;
...@@ -1375,6 +1397,7 @@ static int mov_read_dvc1(MOVContext *c, AVIOContext *pb, MOVAtom atom) ...@@ -1375,6 +1397,7 @@ static int mov_read_dvc1(MOVContext *c, AVIOContext *pb, MOVAtom atom)
static int mov_read_strf(MOVContext *c, AVIOContext *pb, MOVAtom atom) static int mov_read_strf(MOVContext *c, AVIOContext *pb, MOVAtom atom)
{ {
AVStream *st; AVStream *st;
int ret;
if (c->fc->nb_streams < 1) if (c->fc->nb_streams < 1)
return 0; return 0;
...@@ -1387,8 +1410,10 @@ static int mov_read_strf(MOVContext *c, AVIOContext *pb, MOVAtom atom) ...@@ -1387,8 +1410,10 @@ static int mov_read_strf(MOVContext *c, AVIOContext *pb, MOVAtom atom)
avio_skip(pb, 40); avio_skip(pb, 40);
av_freep(&st->codec->extradata); av_freep(&st->codec->extradata);
if (ff_get_extradata(st->codec, pb, atom.size - 40) < 0) ret = ff_get_extradata(st->codec, pb, atom.size - 40);
return AVERROR(ENOMEM); if (ret < 0)
return ret;
return 0; return 0;
} }
...@@ -1762,9 +1787,15 @@ static int mov_parse_stsd_data(MOVContext *c, AVIOContext *pb, ...@@ -1762,9 +1787,15 @@ static int mov_parse_stsd_data(MOVContext *c, AVIOContext *pb,
AVStream *st, MOVStreamContext *sc, AVStream *st, MOVStreamContext *sc,
int64_t size) int64_t size)
{ {
int ret;
if (st->codec->codec_tag == MKTAG('t','m','c','d')) { if (st->codec->codec_tag == MKTAG('t','m','c','d')) {
if ((int)size != size || ff_get_extradata(st->codec, pb, size) < 0) if ((int)size != size)
return AVERROR(ENOMEM); return AVERROR(ENOMEM);
ret = ff_get_extradata(st->codec, pb, size);
if (ret < 0)
return ret;
if (size > 16) { if (size > 16) {
MOVStreamContext *tmcd_ctx = st->priv_data; MOVStreamContext *tmcd_ctx = st->priv_data;
int val; int val;
...@@ -2128,6 +2159,7 @@ static int mov_read_stsz(MOVContext *c, AVIOContext *pb, MOVAtom atom) ...@@ -2128,6 +2159,7 @@ static int mov_read_stsz(MOVContext *c, AVIOContext *pb, MOVAtom atom)
unsigned int i, entries, sample_size, field_size, num_bytes; unsigned int i, entries, sample_size, field_size, num_bytes;
GetBitContext gb; GetBitContext gb;
unsigned char* buf; unsigned char* buf;
int ret;
if (c->fc->nb_streams < 1) if (c->fc->nb_streams < 1)
return 0; return 0;
...@@ -2181,10 +2213,11 @@ static int mov_read_stsz(MOVContext *c, AVIOContext *pb, MOVAtom atom) ...@@ -2181,10 +2213,11 @@ static int mov_read_stsz(MOVContext *c, AVIOContext *pb, MOVAtom atom)
return AVERROR(ENOMEM); return AVERROR(ENOMEM);
} }
if (avio_read(pb, buf, num_bytes) < num_bytes) { ret = ffio_read_size(pb, buf, num_bytes);
if (ret < 0) {
av_freep(&sc->sample_sizes); av_freep(&sc->sample_sizes);
av_free(buf); av_free(buf);
return AVERROR_INVALIDDATA; return ret;
} }
init_get_bits(&gb, buf, 8*num_bytes); init_get_bits(&gb, buf, 8*num_bytes);
...@@ -2852,6 +2885,7 @@ static int mov_read_custom_2plus(MOVContext *c, AVIOContext *pb, int size) ...@@ -2852,6 +2885,7 @@ static int mov_read_custom_2plus(MOVContext *c, AVIOContext *pb, int size)
for (i = 0; i < 2; i++) { for (i = 0; i < 2; i++) {
uint8_t **p; uint8_t **p;
uint32_t len, tag; uint32_t len, tag;
int ret;
if (end - avio_tell(pb) <= 12) if (end - avio_tell(pb) <= 12)
break; break;
...@@ -2876,9 +2910,10 @@ static int mov_read_custom_2plus(MOVContext *c, AVIOContext *pb, int size) ...@@ -2876,9 +2910,10 @@ static int mov_read_custom_2plus(MOVContext *c, AVIOContext *pb, int size)
*p = av_malloc(len + 1); *p = av_malloc(len + 1);
if (!*p) if (!*p)
break; break;
if (avio_read(pb, *p, len) != len) { ret = ffio_read_size(pb, *p, len);
if (ret < 0) {
av_freep(p); av_freep(p);
return AVERROR_INVALIDDATA; return ret;
} }
(*p)[len] = 0; (*p)[len] = 0;
} }
...@@ -3364,11 +3399,10 @@ static int mov_read_cmov(MOVContext *c, AVIOContext *pb, MOVAtom atom) ...@@ -3364,11 +3399,10 @@ static int mov_read_cmov(MOVContext *c, AVIOContext *pb, MOVAtom atom)
av_free(cmov_data); av_free(cmov_data);
return AVERROR(ENOMEM); return AVERROR(ENOMEM);
} }
if (avio_read(pb, cmov_data, cmov_len) != cmov_len) { ret = ffio_read_size(pb, cmov_data, cmov_len);
av_freep(&cmov_data); if (ret < 0)
av_freep(&moov_data); goto free_and_return;
return AVERROR_INVALIDDATA;
}
if (uncompress (moov_data, (uLongf *) &moov_len, (const Bytef *)cmov_data, cmov_len) != Z_OK) if (uncompress (moov_data, (uLongf *) &moov_len, (const Bytef *)cmov_data, cmov_len) != Z_OK)
goto free_and_return; goto free_and_return;
if (ffio_init_context(&ctx, moov_data, moov_len, 0, NULL, NULL, NULL, NULL) != 0) if (ffio_init_context(&ctx, moov_data, moov_len, 0, NULL, NULL, NULL, NULL) != 0)
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment