[FFmpeg-devel] [PATCH 1/2] avformat: add data_size for ff_hex_to_data()
lance.lmwang at gmail.com
lance.lmwang at gmail.com
Fri May 7 04:23:03 EEST 2021
From: Limin Wang <lance.lmwang at gmail.com>
This prevents OOM in case of data buffer size is insufficient.
Signed-off-by: Limin Wang <lance.lmwang at gmail.com>
---
libavfilter/dnn/dnn_backend_tf.c | 4 ++--
libavformat/hls.c | 2 +-
libavformat/internal.h | 6 ++++--
libavformat/rtpdec_latm.c | 4 ++--
libavformat/rtpdec_mpeg4.c | 4 ++--
libavformat/utils.c | 7 +++++--
6 files changed, 16 insertions(+), 11 deletions(-)
diff --git a/libavfilter/dnn/dnn_backend_tf.c b/libavfilter/dnn/dnn_backend_tf.c
index 03fe310..4eb5bec 100644
--- a/libavfilter/dnn/dnn_backend_tf.c
+++ b/libavfilter/dnn/dnn_backend_tf.c
@@ -219,14 +219,14 @@ static DNNReturnType load_tf_model(TFModel *tf_model, const char *model_filename
return DNN_ERROR;
}
config = tf_model->ctx.options.sess_config + 2;
- sess_config_length = ff_hex_to_data(NULL, config);
+ sess_config_length = ff_hex_to_data(NULL, 0, config);
sess_config = av_mallocz(sess_config_length + AV_INPUT_BUFFER_PADDING_SIZE);
if (!sess_config) {
av_log(ctx, AV_LOG_ERROR, "failed to allocate memory\n");
return DNN_ERROR;
}
- ff_hex_to_data(sess_config, config);
+ ff_hex_to_data(sess_config, sess_config_length, config);
}
graph_def = read_graph(model_filename);
diff --git a/libavformat/hls.c b/libavformat/hls.c
index 584f658..c7f9f06 100644
--- a/libavformat/hls.c
+++ b/libavformat/hls.c
@@ -800,7 +800,7 @@ static int parse_playlist(HLSContext *c, const char *url,
if (!strcmp(info.method, "SAMPLE-AES"))
key_type = KEY_SAMPLE_AES;
if (!strncmp(info.iv, "0x", 2) || !strncmp(info.iv, "0X", 2)) {
- ff_hex_to_data(iv, info.iv + 2);
+ ff_hex_to_data(iv, sizeof(iv), info.iv + 2);
has_iv = 1;
}
av_strlcpy(key, info.uri, sizeof(key));
diff --git a/libavformat/internal.h b/libavformat/internal.h
index 7d0eab4..e0e625f 100644
--- a/libavformat/internal.h
+++ b/libavformat/internal.h
@@ -397,10 +397,12 @@ char *ff_data_to_hex(char *buf, const uint8_t *src, int size, int lowercase);
* digits is ignored.
*
* @param data if non-null, the parsed data is written to this pointer
+ * @param data_size the data buffer size
* @param p the string to parse
- * @return the number of bytes written (or to be written, if data is null)
+ * @return the number of bytes written (or to be written, if data is null),
+ * or a negative value in case data buffer size is insufficient.
*/
-int ff_hex_to_data(uint8_t *data, const char *p);
+int ff_hex_to_data(uint8_t *data, int data_size, const char *p);
/**
* Add packet to an AVFormatContext's packet_buffer list, determining its
diff --git a/libavformat/rtpdec_latm.c b/libavformat/rtpdec_latm.c
index 104a00a..c348cc8 100644
--- a/libavformat/rtpdec_latm.c
+++ b/libavformat/rtpdec_latm.c
@@ -91,7 +91,7 @@ static int latm_parse_packet(AVFormatContext *ctx, PayloadContext *data,
static int parse_fmtp_config(AVStream *st, const char *value)
{
- int len = ff_hex_to_data(NULL, value), i, ret = 0;
+ int len = ff_hex_to_data(NULL, 0, value), i, ret = 0;
GetBitContext gb;
uint8_t *config;
int audio_mux_version, same_time_framing, num_programs, num_layers;
@@ -100,7 +100,7 @@ static int parse_fmtp_config(AVStream *st, const char *value)
config = av_mallocz(len + AV_INPUT_BUFFER_PADDING_SIZE);
if (!config)
return AVERROR(ENOMEM);
- ff_hex_to_data(config, value);
+ ff_hex_to_data(config, len, value);
init_get_bits(&gb, config, len*8);
audio_mux_version = get_bits(&gb, 1);
same_time_framing = get_bits(&gb, 1);
diff --git a/libavformat/rtpdec_mpeg4.c b/libavformat/rtpdec_mpeg4.c
index 34c7950..540192c 100644
--- a/libavformat/rtpdec_mpeg4.c
+++ b/libavformat/rtpdec_mpeg4.c
@@ -112,11 +112,11 @@ static void close_context(PayloadContext *data)
static int parse_fmtp_config(AVCodecParameters *par, const char *value)
{
/* decode the hexa encoded parameter */
- int len = ff_hex_to_data(NULL, value), ret;
+ int len = ff_hex_to_data(NULL, 0, value), ret;
if ((ret = ff_alloc_extradata(par, len)) < 0)
return ret;
- ff_hex_to_data(par->extradata, value);
+ ff_hex_to_data(par->extradata, par->extradata_size, value);
return 0;
}
diff --git a/libavformat/utils.c b/libavformat/utils.c
index 6c8b974..7085c28 100644
--- a/libavformat/utils.c
+++ b/libavformat/utils.c
@@ -4762,7 +4762,7 @@ char *ff_data_to_hex(char *buff, const uint8_t *src, int s, int lowercase)
return buff;
}
-int ff_hex_to_data(uint8_t *data, const char *p)
+int ff_hex_to_data(uint8_t *data, int data_size, const char *p)
{
int c, len, v;
@@ -4781,8 +4781,11 @@ int ff_hex_to_data(uint8_t *data, const char *p)
break;
v = (v << 4) | c;
if (v & 0x100) {
- if (data)
+ if (data) {
+ if (len >= data_size)
+ return -1;
data[len] = v;
+ }
len++;
v = 1;
}
--
1.8.3.1
More information about the ffmpeg-devel
mailing list