Patches attached. - Andreas
From de945d797738c78c3435da1cb64201d00256f702 Mon Sep 17 00:00:00 2001
From: Andreas Rheinhardt <andreas.rheinha...@outlook.com>
Date: Sun, 27 Apr 2025 20:14:35 +0200
Subject: [PATCH 1/5] avformat/apvdec: Use ffio_read_size()
Fixes potential use of uninitialized data.

Signed-off-by: Andreas Rheinhardt <andreas.rheinha...@outlook.com>
---
 libavformat/apvdec.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavformat/apvdec.c b/libavformat/apvdec.c
index e1ac34b003..9f94a901ec 100644
--- a/libavformat/apvdec.c
+++ b/libavformat/apvdec.c
@@ -164,7 +164,7 @@ static int apv_read_header(AVFormatContext *s)
 err = ffio_ensure_seekback(s->pb, sizeof(buffer));
 if (err < 0)
 return err;
- size = avio_read(s->pb, buffer, sizeof(buffer));
+ size = ffio_read_size(s->pb, buffer, sizeof(buffer));
 if (size < 0)
 return size;
--
2.45.2
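Review bot: The `if (size < 0)` check that follows the new `ffio_read_size()` call is now what rejects short reads, but nothing in the code records that the fix depends on this. ffio_read_size() returns an error unless all `sizeof(buffer)` bytes were read, whereas avio_read() can return a smaller positive count and leave the tail of `buffer` unset for whatever parses it later in apv_read_header, which continues outside this hunk. I would add a comment above the call, `/* ffio_read_size() fails on short reads, so all of buffer is initialised */`, so the call is not later changed back to avio_read(). If `size` is still used as a length further down, it always equals sizeof(buffer) on success and could be simplified.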
From 3e8f9107090d8bef97b389e8d28ccbe03d3f45f2 Mon Sep 17 00:00:00 2001
From: Andreas Rheinhardt <andreas.rheinha...@outlook.com>
Date: Mon, 28 Apr 2025 11:25:26 +0200
Subject: [PATCH 2/5] avformat/apvdec: Check before access

The signature check would segfault in case the packet could not be allocated or if nothing could be read. Furthermore, read_packet callbacks are supposed to return zero on success, yet the current code returned the size of the packet.

Signed-off-by: Andreas Rheinhardt <andreas.rheinha...@outlook.com>
---
 libavformat/apvdec.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/libavformat/apvdec.c b/libavformat/apvdec.c
index 9f94a901ec..6a972c6d9a 100644
--- a/libavformat/apvdec.c
+++ b/libavformat/apvdec.c
@@ -225,6 +225,8 @@ static int apv_read_packet(AVFormatContext *s, AVPacket *pkt)
 }
 ret = av_get_packet(s->pb, pkt, au_size);
+ if (ret < 0)
+ return ret;
 pkt->flags = AV_PKT_FLAG_KEY;
 signature = AV_RB32(pkt->data);
@@ -233,7 +235,7 @@ static int apv_read_packet(AVFormatContext *s, AVPacket *pkt)
 return AVERROR_INVALIDDATA;
 }
- return ret;
+ return 0;
 }
 const FFInputFormat ff_apv_demuxer = {
--
2.45.2
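Review bot: The context line `pkt->flags = AV_PKT_FLAG_KEY;` directly after the new check assigns rather than ORs, so it discards AV_PKT_FLAG_CORRUPT, which av_get_packet() sets when it delivers fewer bytes than requested. The added `if (ret < 0)` covers only outright failure, so a truncated access unit (0 < ret < au_size) still passes through the signature check and is handed on as a clean key frame. Changing the line to `pkt->flags |= AV_PKT_FLAG_KEY;` keeps the corruption marker; alternatively a short read could be rejected here if partial units should never reach the decoder. The validation of au_size is outside the hunk, so it cannot be confirmed from here that `AV_RB32(pkt->data)` always reads four real payload bytes. The same flags line appears as context in patch 3/5.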
From 87b90d0b6f60d2cd005bd9417f2ecd2f7a781bcd Mon Sep 17 00:00:00 2001
From: Andreas Rheinhardt <andreas.rheinha...@outlook.com>
Date: Mon, 28 Apr 2025 11:31:49 +0200
Subject: [PATCH 3/5] avformat/apvdec: Fix seeking

pkt->pos pointed to the actual packet data, not to the start of the access unit.

Signed-off-by: Andreas Rheinhardt <andreas.rheinha...@outlook.com>
---
 libavformat/apvdec.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/libavformat/apvdec.c b/libavformat/apvdec.c
index 6a972c6d9a..a0a2b7681e 100644
--- a/libavformat/apvdec.c
+++ b/libavformat/apvdec.c
@@ -227,6 +227,7 @@ static int apv_read_packet(AVFormatContext *s, AVPacket *pkt)
 ret = av_get_packet(s->pb, pkt, au_size);
 if (ret < 0)
 return ret;
+ pkt->pos -= 4;
 pkt->flags = AV_PKT_FLAG_KEY;
 signature = AV_RB32(pkt->data);
--
2.45.2
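Review bot: `pkt->pos -= 4;` uses a bare constant whose meaning depends on code outside the hunk; it is presumably the width of the au_size length prefix consumed before av_get_packet(). A comment on that line, `/* pkt->pos should point at the au_size prefix, not the payload */`, would tie the adjustment to the read it compensates for. Without it, a later change to how the prefix is read could silently leave the generic index pointing into the middle of an access unit.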
From 5de3c95d8858cc5c133c806e6b45c97103316637 Mon Sep 17 00:00:00 2001
From: Andreas Rheinhardt <andreas.rheinha...@outlook.com>
Date: Sun, 27 Apr 2025 20:20:02 +0200
Subject: [PATCH 4/5] avformat/apvdec: Remove inappropriate INIT_CLEANUP flag

The init-cleanup flag makes no sense for a demuxer without a read_close() function.

Signed-off-by: Andreas Rheinhardt <andreas.rheinha...@outlook.com>
---
 libavformat/apvdec.c | 1 -
 1 file changed, 1 deletion(-)

diff --git a/libavformat/apvdec.c b/libavformat/apvdec.c
index a0a2b7681e..28948766fc 100644
--- a/libavformat/apvdec.c
+++ b/libavformat/apvdec.c
@@ -244,7 +244,6 @@ const FFInputFormat ff_apv_demuxer = {
 .p.long_name = NULL_IF_CONFIG_SMALL("APV raw bitstream"),
 .p.extensions = "apv",
 .p.flags = AVFMT_GENERIC_INDEX | AVFMT_NOTIMESTAMPS,
- .flags_internal = FF_INFMT_FLAG_INIT_CLEANUP,
 .read_probe = apv_probe,
 .read_header = apv_read_header,
 .read_packet = apv_read_packet,
--
2.45.2
From 8701b4e95e040a072e009a21afc3c05883f87c64 Mon Sep 17 00:00:00 2001
From: Andreas Rheinhardt <andreas.rheinha...@outlook.com>
Date: Mon, 28 Apr 2025 11:34:33 +0200
Subject: [PATCH 5/5] avcodec/apv_entropy: Remove ff_apv_read_vlc()

There is no need for testing-only code to exist in release builds, developers can add testing/debug code just fine locally if they need it.

Signed-off-by: Andreas Rheinhardt <andreas.rheinha...@outlook.com>
---
 libavcodec/apv_decode.h | 9 ---------
 libavcodec/apv_entropy.c | 6 ------
 2 files changed, 15 deletions(-)

diff --git a/libavcodec/apv_decode.h b/libavcodec/apv_decode.h
index 34c6176ea0..4749116e6b 100644
--- a/libavcodec/apv_decode.h
+++ b/libavcodec/apv_decode.h
@@ -68,13 +68,4 @@ int ff_apv_entropy_decode_block(int16_t *coeff,
 GetBitContext *gbc,
 APVEntropyState *state);
-/**
- * Read a single APV VLC code.
- *
- * This entrypoint is exposed for testing.
- */
-unsigned int ff_apv_read_vlc(GetBitContext *gbc, int k_param,
- const APVVLCLUT *lut);
-
-
 #endif /* AVCODEC_APV_DECODE_H */
diff --git a/libavcodec/apv_entropy.c b/libavcodec/apv_entropy.c
index 00e0b4fbdf..0cce6b0847 100644
--- a/libavcodec/apv_entropy.c
+++ b/libavcodec/apv_entropy.c
@@ -95,12 +95,6 @@ static unsigned int apv_read_vlc(GetBitContext *gbc, int k_param,
 }
 }
-unsigned int ff_apv_read_vlc(GetBitContext *gbc, int k_param,
- const APVVLCLUT *lut)
-{
- return apv_read_vlc(gbc, k_param, lut);
-}
-
 int ff_apv_entropy_decode_block(int16_t *coeff,
 GetBitContext *gbc,
 APVEntropyState *state)
--
2.45.2