On 20.05.2015 03:15, Michael Niedermayer wrote:
> On Wed, May 20, 2015 at 12:49:55AM +0200, Andreas Cadhalpun wrote:
>> This can unnecessarily waste a lot of time.
>>
>> Signed-off-by: Andreas Cadhalpun <[email protected]>
>> ---
>> libavformat/nutdec.c | 8 +++++---
>> 1 file changed, 5 insertions(+), 3 deletions(-)
>>
>> diff --git a/libavformat/nutdec.c b/libavformat/nutdec.c
>> index a75587f..e979ee6 100644
>> --- a/libavformat/nutdec.c
>> +++ b/libavformat/nutdec.c
>> @@ -47,6 +47,8 @@ static int get_str(AVIOContext *bc, char *string, unsigned
>> int maxlen)
>> while (len > maxlen) {
>> avio_r8(bc);
>> len--;
>> + if (bc->eof_reached)
>> + len = maxlen;
>> }
>
> maybe this would be better as avio_skip()
> but ok either way
I prefer to avoid the additional complexity of avio_skip (see below...).
>> if (maxlen)
>> @@ -211,7 +213,7 @@ static int skip_reserved(AVIOContext *bc, int64_t pos)
>> avio_seek(bc, pos, SEEK_CUR);
>> return AVERROR_INVALIDDATA;
>> } else {
>> - while (pos--)
>> + while (pos-- && !bc->eof_reached)
>> avio_r8(bc);
>> return 0;
>> }
>> @@ -291,7 +293,7 @@ static int decode_main_header(NUTContext *nut)
>> if (tmp_fields > 7)
>> tmp_head_idx = ffio_read_varlen(bc);
>>
>> - while (tmp_fields-- > 8)
>> + while (tmp_fields-- > 8 && !bc->eof_reached)
>> ffio_read_varlen(bc);
>>
>> if (count <= 0 || count > 256 - (i <= 'N') - i) {
>> @@ -990,7 +992,7 @@ static int decode_frame_header(NUTContext *nut, int64_t
>> *pts, int *stream_id,
>> *header_idx = ffio_read_varlen(bc);
>> if (flags & FLAG_RESERVED)
>> reserved_count = ffio_read_varlen(bc);
>> - for (i = 0; i < reserved_count; i++)
>> + for (i = 0; i < reserved_count && !bc->eof_reached; i++)
>> ffio_read_varlen(bc);
>
> these should return an error in the eof case
OK, patch updated.
> the first of the 3 could use a seek/skip as well possibly
I tried this, but it caused weird crashes in av_crc, so I reverted that.
> also if you want some of these things could also be limited by te
> packet end from get_packetheader and not just EOF
I'm not sure this would help much, because get_packetheader reads the
size from the file, so it could be an arbitrary value as well.
Best regards,
Andreas
>From a9b20e9de2d66b8d53c222efbe6ee439aac94cfe Mon Sep 17 00:00:00 2001
From: Andreas Cadhalpun <[email protected]>
Date: Wed, 20 May 2015 00:31:24 +0200
Subject: [PATCH 2/3] nutdec: stop skipping bytes at EOF
This can unnecessarily waste a lot of time.
Signed-off-by: Andreas Cadhalpun <[email protected]>
---
libavformat/nutdec.c | 21 ++++++++++++++++++---
1 file changed, 18 insertions(+), 3 deletions(-)
diff --git a/libavformat/nutdec.c b/libavformat/nutdec.c
index 9b227c6..4e45b3f 100644
--- a/libavformat/nutdec.c
+++ b/libavformat/nutdec.c
@@ -47,6 +47,8 @@ static int get_str(AVIOContext *bc, char *string, unsigned int maxlen)
while (len > maxlen) {
avio_r8(bc);
len--;
+ if (bc->eof_reached)
+ len = maxlen;
}
if (maxlen)
@@ -211,8 +213,11 @@ static int skip_reserved(AVIOContext *bc, int64_t pos)
avio_seek(bc, pos, SEEK_CUR);
return AVERROR_INVALIDDATA;
} else {
- while (pos--)
+ while (pos--) {
+ if (bc->eof_reached)
+ return AVERROR_INVALIDDATA;
avio_r8(bc);
+ }
return 0;
}
}
@@ -291,8 +296,13 @@ static int decode_main_header(NUTContext *nut)
if (tmp_fields > 7)
tmp_head_idx = ffio_read_varlen(bc);
- while (tmp_fields-- > 8)
+ while (tmp_fields-- > 8) {
+ if (bc->eof_reached) {
+ av_log(s, AV_LOG_ERROR, "reached EOF while decoding main header\n");
+ return AVERROR_INVALIDDATA;
+ }
ffio_read_varlen(bc);
+ }
if (count <= 0 || count > 256 - (i <= 'N') - i) {
av_log(s, AV_LOG_ERROR, "illegal count %d at %d\n", count, i);
@@ -990,8 +1000,13 @@ static int decode_frame_header(NUTContext *nut, int64_t *pts, int *stream_id,
*header_idx = ffio_read_varlen(bc);
if (flags & FLAG_RESERVED)
reserved_count = ffio_read_varlen(bc);
- for (i = 0; i < reserved_count; i++)
+ for (i = 0; i < reserved_count; i++) {
+ if (bc->eof_reached) {
+ av_log(s, AV_LOG_ERROR, "reached EOF while decoding frame header\n");
+ return AVERROR_INVALIDDATA;
+ }
ffio_read_varlen(bc);
+ }
if (*header_idx >= (unsigned)nut->header_count) {
av_log(s, AV_LOG_ERROR, "header_idx invalid\n");
--
2.1.4
_______________________________________________
ffmpeg-devel mailing list
[email protected]
http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
