This isn't likely to be a huge problem, but it allows us to reason more
about run-in. It also exposes my gripe about klv_read_packet() using
mxf_read_sync()
/Tomas
From c2d66c4aa3105e33f8485234ca760da699cdfb4d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tomas=20H=C3=A4rdin?= <tjop...@acc.umu.se>
Date: Sun, 14 Apr 2019 21:18:35 +0200
Subject: [PATCH] mxfdec: Constrain run-in to 64k
S377m says we should.
Fix use of magic 14s while we're at it.
---
libavformat/mxfdec.c | 17 ++++++++++++-----
1 file changed, 12 insertions(+), 5 deletions(-)
diff --git a/libavformat/mxfdec.c b/libavformat/mxfdec.c
index 8c65a2bbcf..6af760c5c4 100644
--- a/libavformat/mxfdec.c
+++ b/libavformat/mxfdec.c
@@ -282,6 +282,7 @@ typedef struct MXFContext {
int local_tags_count;
uint64_t footer_partition;
KLVPacket current_klv_data;
+#define MXF_MAX_RUN_IN 65535 /* S377m section 5.5 */
int run_in;
MXFPartition *current_partition;
int parsing_backward;
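Review bot: The `#define MXF_MAX_RUN_IN` sits between two members of `MXFContext`, which reads as if the constant were scoped to the struct, but a macro is visible for the rest of the file regardless. Moving it above the `typedef struct MXFContext {` line would make that explicit and keep the struct body to members only. The subject line says "64k" while the value is 65535, so the comment could state the bound exactly, e.g. `/* S377m section 5.5: longest permitted run-in, in bytes */`.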
@@ -383,10 +384,10 @@ static int64_t klv_decode_ber_length(AVIOContext *pb)
return size;
}
-static int mxf_read_sync(AVIOContext *pb, const uint8_t *key, unsigned size)
+static int mxf_read_sync(AVIOContext *pb, const uint8_t *key, unsigned size, int64_t max_read)
{
int i, b;
- for (i = 0; i < size && !avio_feof(pb); i++) {
+ for (i = 0; i < size && !avio_feof(pb) && max_read > 0; i++, max_read--) {
b = avio_r8(pb);
if (b == key[0])
i = 0;
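Review bot: The new `max_read` parameter of `mxf_read_sync()` has no comment, and its unit is easy to get wrong: it is decremented once per byte consumed by `avio_r8()`, so it counts the key bytes as well as the bytes skipped before them. That is why the header caller has to add the key size to the run-in limit. A short comment above the function would make this bound on how far the parser scans untrusted input auditable, e.g. `/* max_read: upper bound on bytes consumed from pb, including the size bytes of the key itself */`. The function body continues past the end of this hunk.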
@@ -399,7 +400,7 @@ static int mxf_read_sync(AVIOContext *pb, const uint8_t *key, unsigned size)
static int klv_read_packet(KLVPacket *klv, AVIOContext *pb)
{
int64_t length, pos;
- if (!mxf_read_sync(pb, mxf_klv_key, 4))
+ if (!mxf_read_sync(pb, mxf_klv_key, 4, INT64_MAX))
return AVERROR_INVALIDDATA;
klv->offset = avio_tell(pb) - 4;
memcpy(klv->key, mxf_klv_key, 4);
@@ -3149,11 +3150,13 @@ static int mxf_read_header(AVFormatContext *s)
mxf->last_forward_tell = INT64_MAX;
- if (!mxf_read_sync(s->pb, mxf_header_partition_pack_key, 14)) {
+ if (!mxf_read_sync(s->pb, mxf_header_partition_pack_key,
+ sizeof(mxf_header_partition_pack_key),
+ MXF_MAX_RUN_IN + sizeof(mxf_header_partition_pack_key))) {
av_log(s, AV_LOG_ERROR, "could not find header partition pack key\n");
return AVERROR_INVALIDDATA;
}
- avio_seek(s->pb, -14, SEEK_CUR);
+ avio_seek(s->pb, -sizeof(mxf_header_partition_pack_key), SEEK_CUR);
mxf->fc = s;
mxf->run_in = avio_tell(s->pb);
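Review bot: In the new `avio_seek()` call, `-sizeof(mxf_header_partition_pack_key)` negates a `size_t`, so the result is a large unsigned value rather than a negative one. Where `size_t` is 64 bits wide the conversion to the `int64_t` offset happens to give the intended value, but where it is 32 bits wide the offset becomes a positive value near 4 GiB and the seek goes forward instead of back over the key. Casting before negating avoids this: `avio_seek(s->pb, -(int64_t)sizeof(mxf_header_partition_pack_key), SEEK_CUR);`. The replaced literal `-14` did not have this problem.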
@@ -3591,6 +3594,10 @@ static int mxf_probe(const AVProbeData *p) {
/* Must skip Run-In Sequence and search for MXF header partition pack key SMPTE 377M 5.5 */
end -= sizeof(mxf_header_partition_pack_key);
+ if (end - bufp > MXF_MAX_RUN_IN) {
+ end = bufp + MXF_MAX_RUN_IN;
+ }
+
for (; bufp < end;) {
if (!((bufp[13] - 1) & 0xF2)){
if (AV_RN32(bufp ) == AV_RN32(mxf_header_partition_pack_key ) &&
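Review bot: The clamp `end = bufp + MXF_MAX_RUN_IN` combined with the loop condition `bufp < end` means the probe never tests a key that starts at offset `MXF_MAX_RUN_IN`, i.e. a file whose run-in is exactly 65535 bytes. `mxf_read_header()` in the same patch budgets `MXF_MAX_RUN_IN + sizeof(mxf_header_partition_pack_key)` bytes and so would accept that file, which leaves probe and demuxer disagreeing by one byte. If 65535 is meant to be a permitted run-in length, the clamp should be `if (end - bufp > MXF_MAX_RUN_IN + 1) end = bufp + MXF_MAX_RUN_IN + 1;`. This stays within the probe buffer because the clamp only ever lowers `end`. The body of `mxf_probe()` continues outside the hunk.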
--
2.11.0