On Sat, Jun 07, 2025 at 12:21:43AM +0100, Kieran Kunhya via ffmpeg-devel wrote: > On Sat, 7 Jun 2025, 00:12 Michael Niedermayer, <mich...@niedermayer.cc> > wrote: > > > Code like FFMIN(MAX_DURATION_BUFFER_SIZE, avio_size(s->pb)) is not safe > > as FFMIN() is a macro and avio_size() is thus evaluated multiple > > times > > > > CC: Justin Ruggles <just...@vimeo.com> > > Signed-off-by: Michael Niedermayer <mich...@niedermayer.cc> > > --- > > libavformat/dhav.c | 7 ++++--- > > 1 file changed, 4 insertions(+), 3 deletions(-) > > > > diff --git a/libavformat/dhav.c b/libavformat/dhav.c > > index 5a83a8aea9d..c7e5371636a 100644 > > --- a/libavformat/dhav.c > > +++ b/libavformat/dhav.c > > @@ -246,11 +246,12 @@ static int64_t get_duration(AVFormatContext *s) > > int64_t end_buffer_pos; > > int64_t offset; > > unsigned date; > > + int64_t size = avio_size(s->pb); > > > > if (!s->pb->seekable) > > return 0; > > > > - if (start_pos + 16 > avio_size(s->pb)) > > + if (start_pos + 16 > size) > > return 0; > > > > avio_skip(s->pb, 16); > > @@ -258,13 +259,13 @@ static int64_t get_duration(AVFormatContext *s) > > get_timeinfo(date, &timeinfo); > > start = av_timegm(&timeinfo) * 1000LL; > > > > - end_buffer_size = FFMIN(MAX_DURATION_BUFFER_SIZE, avio_size(s->pb)); > > + end_buffer_size = FFMIN(MAX_DURATION_BUFFER_SIZE, size); > > end_buffer = av_malloc(end_buffer_size); > > if (!end_buffer) { > > avio_seek(s->pb, start_pos, SEEK_SET); > > return 0; > > } > > - end_buffer_pos = avio_size(s->pb) - end_buffer_size; > > + end_buffer_pos = size - end_buffer_size; > > avio_seek(s->pb, end_buffer_pos, SEEK_SET); > > avio_read(s->pb, end_buffer, end_buffer_size); > > > > -- > > 2.49.0 > > > > Can you explain what "not safe" means? > I assume it means avio_size() causes a seek to the end to get the length > but it's not obvious.
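Review bot: in the first hunk, `int64_t size = avio_size(s->pb);` is evaluated before the `if (!s->pb->seekable) return 0;` check, so every unseekable input now pays for a size query whose result is thrown away; declare `int64_t size;` with the other locals and assign it after the seekable check. avio_size() can also return a negative AVERROR when the size is unknown; the existing `start_pos + 16 > size` comparison then returns 0 as long as start_pos is non-negative, which deserves a one-line comment since the rest of the function treats `size` as a valid length.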
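Review bot: in the second hunk the return value of `avio_read(s->pb, end_buffer, end_buffer_size);` is still unchecked, so a short read (file shrank between the cached `size` query and the read, or an I/O error) leaves the tail of `end_buffer` uninitialised while the following loop scans it for the 'dhav' tag; capture the return value, return 0 when it is negative, and scan only the bytes actually read. Caching `size` removes the FFMIN() double evaluation but does not make the size query and the read atomic, which the commit message should state.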
if you write X = FFMIN(1000, avio_size(s->pb)) you don't expect X to be 2000, but it can be, if the filesize changes between the 2 evaluations

also there's
    if (start_pos + 16 > avio_size(s->pb))
and that might not hold true either by the later evaluations

does it matter?

    void *av_malloc(size_t size)

let's assume this is a 32bit system
end_buffer_pos and avio_size are 64bit
we truncate the malloc argument

and then here, offset is 64bit

    offset = end_buffer_size - 8;
    while (offset > 0) {
        if (AV_RL32(end_buffer + offset) == MKTAG('d','h','a','v')) {
            int64_t seek_back = AV_RL32(end_buffer + offset + 4);
            end_pos = end_buffer_pos + offset - seek_back + 8;
            break;
        } else {
            offset -= 9;
        }
    }

I have not thought very much about this, I just think code like FFMIN(1000, avio_size(s->pb)) should behave as one would expect from a quick look

thx

[...]

-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

For a strong democracy, genuine criticism is necessary, allegations benefit no one, they just cause unnecessary conflicts. - Narendra Modi
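To make the double-evaluation hazard and the 32-bit truncation point concrete, here is an added stand-alone C example (not code from FFmpeg or from this thread): `stub_avio_size()` is a constructed stand-in for avio_size() that models a file still being written, FFMIN is defined the way libavutil defines it, and `buffer_size_safe()` mirrors the patch's cached-size approach.

```c
#include <stdint.h>
#include <stdio.h>
/* Same definition FFmpeg uses: both arguments appear twice in the expansion. */
#define FFMIN(a, b) ((a) > (b) ? (b) : (a))

/* Constructed stand-in for avio_size(): models a file that is still being
 * written, so every query reports a larger size than the previous one. */
static int64_t fake_size, fake_size_step;

static void reset_stub(int64_t initial, int64_t step)
{
    fake_size = initial;
    fake_size_step = step;
}

static int64_t stub_avio_size(void)
{
    int64_t cur = fake_size;
    fake_size += fake_size_step;
    return cur;
}

/* The 'before' code: the size query sits inside the macro and runs twice. */
static int64_t buffer_size_unsafe(int64_t max_buf)
{
    return FFMIN(max_buf, stub_avio_size());
}

/* The patch's approach: query once, compare the cached value. */
static int64_t buffer_size_safe(int64_t max_buf)
{
    int64_t size = stub_avio_size();
    return FFMIN(max_buf, size);
}

/* 32-bit point from the thread: av_malloc() takes size_t, so where size_t is
 * 32 bits wide a 64-bit length silently loses its high bits. */
static uint32_t truncate_to_32bit_size_t(int64_t len)
{
    return (uint32_t)len;
}

int main(void)
{
    reset_stub(500, 1500);
    printf("unsafe: %lld\n", (long long)buffer_size_unsafe(1000)); /* 2000 */
    reset_stub(500, 1500);
    printf("safe:   %lld\n", (long long)buffer_size_safe(1000));   /* 500 */
    return 0;
}
```

With the file growing from 500 to 2000 bytes between the two evaluations, the macro version returns 2000 even though the cap was 1000, exactly the outcome described above.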
_______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".