[FFmpeg-cvslog] avformat/mxfdec: Remove this_partition
Michael Niedermayer
git at videolan.org
Mon Oct 30 02:10:58 EET 2023
ffmpeg | branch: release/5.1 | Michael Niedermayer <michael at niedermayer.cc> | Fri Sep 22 21:13:44 2023 +0200| [b358b080a146602e87db28526d0ec3e629af3b8e] | committer: Michael Niedermayer
avformat/mxfdec: Remove this_partition
Suggested-by: Tomas Härdin <git at haerdin.se>
Fixes: 51896/clusterfuzz-testcase-minimized-ffmpeg_dem_MXF_fuzzer-5130394286817280
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 442d9412d21590c7a816118032c92070e00a1cc1)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=b358b080a146602e87db28526d0ec3e629af3b8e
---
libavformat/mxfdec.c | 28 ++++++++++++++++++----------
1 file changed, 18 insertions(+), 10 deletions(-)
diff --git a/libavformat/mxfdec.c b/libavformat/mxfdec.c
index f6d79a3551..2b2cfba273 100644
--- a/libavformat/mxfdec.c
+++ b/libavformat/mxfdec.c
@@ -99,7 +99,6 @@ typedef struct MXFPartition {
uint64_t previous_partition;
int index_sid;
int body_sid;
- int64_t this_partition;
int64_t essence_offset; ///< absolute offset of essence
int64_t essence_length;
int32_t kag_size;
@@ -714,10 +713,13 @@ static int mxf_read_partition_pack(void *arg, AVIOContext *pb, int tag, int size
UID op;
uint64_t footer_partition;
uint32_t nb_essence_containers;
+ uint64_t this_partition;
if (mxf->partitions_count >= INT_MAX / 2)
return AVERROR_INVALIDDATA;
+ av_assert0(klv_offset >= mxf->run_in);
+
tmp_part = av_realloc_array(mxf->partitions, mxf->partitions_count + 1, sizeof(*mxf->partitions));
if (!tmp_part)
return AVERROR(ENOMEM);
@@ -760,7 +762,13 @@ static int mxf_read_partition_pack(void *arg, AVIOContext *pb, int tag, int size
partition->complete = uid[14] > 2;
avio_skip(pb, 4);
partition->kag_size = avio_rb32(pb);
- partition->this_partition = avio_rb64(pb);
+ this_partition = avio_rb64(pb);
+ if (this_partition != klv_offset - mxf->run_in) {
+ av_log(mxf->fc, AV_LOG_ERROR,
+ "this_partition %"PRId64" mismatches %"PRId64"\n",
+ this_partition, klv_offset - mxf->run_in);
+ return AVERROR_INVALIDDATA;
+ }
partition->previous_partition = avio_rb64(pb);
footer_partition = avio_rb64(pb);
partition->header_byte_count = avio_rb64(pb);
@@ -780,8 +788,8 @@ static int mxf_read_partition_pack(void *arg, AVIOContext *pb, int tag, int size
av_dict_set(&s->metadata, "operational_pattern_ul", str, 0);
}
- if (partition->this_partition &&
- partition->previous_partition == partition->this_partition) {
+ if (this_partition &&
+ partition->previous_partition == this_partition) {
av_log(mxf->fc, AV_LOG_ERROR,
"PreviousPartition equal to ThisPartition %"PRIx64"\n",
partition->previous_partition);
@@ -789,11 +797,11 @@ static int mxf_read_partition_pack(void *arg, AVIOContext *pb, int tag, int size
if (!mxf->parsing_backward && mxf->last_forward_partition > 1) {
MXFPartition *prev =
mxf->partitions + mxf->last_forward_partition - 2;
- partition->previous_partition = prev->this_partition;
+ partition->previous_partition = prev->pack_ofs - mxf->run_in;
}
/* if no previous body partition are found point to the header
* partition */
- if (partition->previous_partition == partition->this_partition)
+ if (partition->previous_partition == this_partition)
partition->previous_partition = 0;
av_log(mxf->fc, AV_LOG_ERROR,
"Overriding PreviousPartition with %"PRIx64"\n",
@@ -815,7 +823,7 @@ static int mxf_read_partition_pack(void *arg, AVIOContext *pb, int tag, int size
"PartitionPack: ThisPartition = 0x%"PRIX64
", PreviousPartition = 0x%"PRIX64", "
"FooterPartition = 0x%"PRIX64", IndexSID = %i, BodySID = %i\n",
- partition->this_partition,
+ this_partition,
partition->previous_partition, footer_partition,
partition->index_sid, partition->body_sid);
@@ -889,7 +897,7 @@ static uint64_t partition_score(MXFPartition *p)
score = 3;
else
score = 1;
- return (score << 60) | ((uint64_t)p->this_partition >> 4);
+ return (score << 60) | ((uint64_t)p->pack_ofs >> 4);
}
static int mxf_add_metadata_set(MXFContext *mxf, MXFMetadataSet **metadata_set)
@@ -3446,14 +3454,14 @@ static void mxf_compute_essence_containers(AVFormatContext *s)
/* essence container spans to the next partition */
if (x < mxf->partitions_count - 1)
- p->essence_length = mxf->partitions[x+1].this_partition - p->essence_offset;
+ p->essence_length = mxf->partitions[x+1].pack_ofs - mxf->run_in - p->essence_offset;
if (p->essence_length < 0) {
/* next ThisPartition < essence_offset */
p->essence_length = 0;
av_log(mxf->fc, AV_LOG_ERROR,
"partition %i: bad ThisPartition = %"PRIX64"\n",
- x+1, mxf->partitions[x+1].this_partition);
+ x+1, mxf->partitions[x+1].pack_ofs - mxf->run_in);
}
}
}
More information about the ffmpeg-cvslog
mailing list