From: Michael Niedermayer <[email protected]> This commits fixes issues that have been revealed with the coverity scanner in FFmpeg, such as:
- check fseeko() return codes (CID733725) - check return of ftello() (CID739863) - fix signedness of variable used to hold return code - Check offset_count (CID733836) - Fix unintended sign extension of atom_size (CID733810) - Fix unintended sign extension of current_offset (CID733809) - add -movflags +faststart note Signed-off-by: Reinhard Tartler <[email protected]> --- tools/qt-faststart.c | 45 +++++++++++++++++++++++++++++++++------------ 1 file changed, 33 insertions(+), 12 deletions(-) diff --git a/tools/qt-faststart.c b/tools/qt-faststart.c index 6522c66..2439bd88 100644 --- a/tools/qt-faststart.c +++ b/tools/qt-faststart.c @@ -97,12 +97,13 @@ int main(int argc, char *argv[]) uint64_t i, j; uint32_t offset_count; uint64_t current_offset; - uint64_t start_offset = 0; + int64_t start_offset = 0; unsigned char *copy_buffer = NULL; int bytes_to_copy; if (argc != 3) { - printf("Usage: qt-faststart <infile.mov> <outfile.mov>\n"); + printf("Usage: qt-faststart <infile.mov> <outfile.mov>\n" + "Note: alternatively you can use -movflags +faststart in ffmpeg\n"); return 0; } @@ -136,22 +137,27 @@ int main(int argc, char *argv[]) atom_size); goto error_out; } - fseeko(infile, -ATOM_PREAMBLE_SIZE, SEEK_CUR); - if (fread(ftyp_atom, atom_size, 1, infile) != 1) { + if ( fseeko(infile, -ATOM_PREAMBLE_SIZE, SEEK_CUR) + || fread(ftyp_atom, atom_size, 1, infile) != 1 + || (start_offset = ftello(infile))<0) { perror(argv[1]); goto error_out; } - start_offset = ftello(infile); } else { + int ret; /* 64-bit special case */ if (atom_size == 1) { if (fread(atom_bytes, ATOM_PREAMBLE_SIZE, 1, infile) != 1) { break; } atom_size = BE_64(&atom_bytes[0]); - fseeko(infile, atom_size - ATOM_PREAMBLE_SIZE * 2, SEEK_CUR); + ret = fseeko(infile, atom_size - ATOM_PREAMBLE_SIZE * 2, SEEK_CUR); } else { - fseeko(infile, atom_size - ATOM_PREAMBLE_SIZE, SEEK_CUR); + ret = fseeko(infile, atom_size - ATOM_PREAMBLE_SIZE, SEEK_CUR); + } + if(ret) { + perror(argv[1]); + goto error_out; } } printf("%c%c%c%c %10"PRIu64" %"PRIu64"\n", @@ -192,7 +198,10 @@ int main(int argc, char *argv[]) /* moov atom was, in fact, the last atom in the chunk; load the whole * moov atom */ - fseeko(infile, -atom_size, SEEK_END); + if (fseeko(infile, -atom_size, SEEK_END)) { + perror(argv[1]); + goto error_out; + } last_offset = ftello(infile); moov_atom_size = atom_size; moov_atom = malloc(moov_atom_size); @@ -221,14 +230,18 @@ int main(int argc, char *argv[]) atom_type = BE_32(&moov_atom[i]); if (atom_type == STCO_ATOM) { printf(" patching stco atom...\n"); - atom_size = BE_32(&moov_atom[i - 4]); + atom_size = (uint32_t)BE_32(&moov_atom[i - 4]); if (i + atom_size - 4 > moov_atom_size) { printf(" bad atom size\n"); goto error_out; } offset_count = BE_32(&moov_atom[i + 8]); + if (i + 12LL + offset_count * 4LL > moov_atom_size) { + printf(" bad atom size\n"); + goto error_out; + } for (j = 0; j < offset_count; j++) { - current_offset = BE_32(&moov_atom[i + 12 + j * 4]); + current_offset = (uint32_t)BE_32(&moov_atom[i + 12 + j * 4]); current_offset += moov_atom_size; moov_atom[i + 12 + j * 4 + 0] = (current_offset >> 24) & 0xFF; moov_atom[i + 12 + j * 4 + 1] = (current_offset >> 16) & 0xFF; @@ -238,12 +251,16 @@ int main(int argc, char *argv[]) i += atom_size - 4; } else if (atom_type == CO64_ATOM) { printf(" patching co64 atom...\n"); - atom_size = BE_32(&moov_atom[i - 4]); + atom_size = (uint32_t)BE_32(&moov_atom[i - 4]); if (i + atom_size - 4 > moov_atom_size) { printf(" bad atom size\n"); goto error_out; } offset_count = BE_32(&moov_atom[i + 8]); + if (i + 12LL + offset_count * 8LL > moov_atom_size) { + printf(" bad atom size\n"); + goto error_out; + } for (j = 0; j < offset_count; j++) { current_offset = BE_64(&moov_atom[i + 12 + j * 8]); current_offset += moov_atom_size; @@ -268,7 +285,11 @@ int main(int argc, char *argv[]) } if (start_offset > 0) { /* seek after ftyp atom */ - fseeko(infile, start_offset, SEEK_SET); + if (fseeko(infile, start_offset, SEEK_SET)) { + perror(argv[1]); + goto error_out; + } + last_offset -= start_offset; } -- 1.8.3.2 _______________________________________________ libav-devel mailing list [email protected] https://lists.libav.org/mailman/listinfo/libav-devel
